A system and method are provided for translating local ip addresses to globally unique ip addresses. This allows local hosts in an enterprise network to share global ip addresses from a limited pool of such addresses available to the enterprise. The translation is accomplished by replacing the source address in headers on packets destined for the Internet and by replacing destination address in headers on packets entering the local enterprise network from the Internet. packets arriving from the Internet are screened by an adaptive security algorithm. According to this algorithm, packets are dropped and logged unless they are deemed nonthreatening. DNS packets and certain types of ICMP packets are allowed to enter local network. In addition, FTP data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session.
|
39. A network address translation system for translating network addresses on packets sent from an external host on an external network to a local host on a private network, the private network having a plurality of local hosts at least some of which communicate with hosts on the external network, the network address translation system comprising:
an outside interface connected to the external network; an inside interface connected to the private network; and a memory on which is stored (a) a collection of global ip addresses available to the local hosts on the private network, and (b) translation data associating at least (i) a global ip address temporarily held by the local host and (ii) a local ip address fixed with the local host. 16. A network address translation system for translating network addresses on packets sent from an external host on an external network to a local host on a private network, the private network having a plurality of local hosts at least some of which communicate with hosts on the external network, the network address translation system comprising:
an outside interface connected to the external network; an inside interface connected to the private network; and a translation slot data structure stored on the network address translation system, the translation slot specifying at least (i) a global ip address temporarily held by the local host, (ii) a local address fixed with local host, wherein the network address translation system creates the translation slot when the local host sends a packet to said external host and times out the translation slot after a defined time period has elapsed.
36. A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising:
identifying a first global ip destination address on an inbound packet arriving at the private network, which first global ip address is one of a collection of global ip addresses available to the local hosts on the private network; determining that the first global ip destination address corresponds to a particular local host on the private network by locating translation data specifying the first global ip destination address and associating it with a corresponding local ip address of the particular local host which has sent an outbound packet to an external network host on the external network within a defined time period, which outbound packet has had the local ip address replaced with the first global ip address; determining whether the inbound packet meets defined security criteria; if the inbound packet meets said security criteria, forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
1. A method for translating network addresses on packets destined for local hosts on a private network from hosts on an external network, the method comprising the following steps:
identifying a global ip destination address on an inbound packet arriving at the private network; determining whether the global ip destination address corresponds to any local host on the private network by determining if a translation slot data structure exists for the global ip destination address, which translation slot associates the global ip destination address to a corresponding local ip address for a particular local host which has sent an outbound packet to an external network host on the external network within a defined time period; if the inbound packet is found to be intended for the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period, determining whether the inbound packet meets defined security criteria; if the inbound packet meets said security criteria, replacing the inbound packet's global ip destination address with the corresponding local ip address for the particular local host to which the inbound packet was addressed; and forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
23. A network address translation system for translating network addresses on packets sent from an external network having a plurality of external hosts to a local host on a private network having a plurality of local hosts at least some of which communicate with hosts on the external network, the network address translation system comprising:
an outside interface connected to the external network; an inside interface connected to the private network; means for identifying a global ip destination address on an inbound packet arriving at the private network; means for determining if a translation slot data structure exists for the global ip destination address, which translation slot associates the global ip destination address with a corresponding local ip address of a particular local host on the private network, which particular local host has sent an outbound packet to an external network host within a defined time period; means for determining whether the inbound packet meets defined security criteria if the inbound packet is found to be addressed to the particular local host on the private network which has sent the outbound packet to the external network host within said defined time period; means for replacing the inbound packet's global ip destination address with a corresponding local ip address for the particular local host to which the inbound packet was addressed; and means for forwarding the inbound packet to the particular local host to which the inbound packet was addressed.
2. The method of
3. The method of
4. The method of
creating the translation slot data structure when the particular local host on the private network sends an outbound packet to an external network destination; removing the translation slot data structure after said defined time period has elapsed.
5. The method of
6. The method of
7. The method of
8. The method of
9. The method of
10. The method of
11. The method of
12. The method of
13. The method of
14. The method of
15. The method of
determining whether the inbound packet is a file transfer protocol packet; and if so, determining whether the inbound packet meets FTP security criteria.
17. The network address translation system of
18. The network address translation system of
19. The network address translation system of
20. The network address translation system of
21. The network address translation system of
22. The network address translation system of
24. The network address translation system of
25. The network address translation system of
26. The network address translation system of
means for creating the translation slot data structure when the particular local host on the private network sends an outbound packet to an external network destination; means for removing the translation slot data structure after said defined time period has elapsed.
27. The network address translation system of
28. The network address translation system of
29. The network address translation system of
30. The network address translation system of
31. The network address translation system of
32. The network address translation system of
33. The network address translation system of
34. The network address translation system of
35. The network address translation system of
37. The method of
38. The method of
40. The network address translation system of
41. The network address translation system of
42. The network address translation system of
|
|||||||||||||||||||||||||||||
The present invention relates to address translation systems for mapping local Internet Protocol "IP" addresses used by hosts on a private network to globally unique IP addresses for communication with hosts on the Internet. The address translation systems have adaptive security mechanisms to protect the private network from certain packet types sent from the Internet.
Private networks are commonly connected to the Internet through one or more routers so that hosts (PCs or other arbitrary network entities) on the private network can communicate with nodes on the Internet. Typically, the host will send packets to locations both within its private network and on the Internet. To receive packets from the Internet, a private network or a host on that network must have a globally unique 32-bit IP address. Each such IP address has a four octet format. Typically, humans communicate IP addresses in a dotted decimal format, with each octet written as a decimal integer separated from other octets by decimal points.
Global IP addresses are issued to enterprises by a central authority known as the Internet Assigned Number Authority ("IANA"). The IANA issues such addresses in one of three commonly used classes. Class A IP addresses employ their first octet as a "netid" and their remaining three octets as a "hostid." The netid identifies the enterprise network and the hostid identifies a particular host on that network. As three octets are available for specifying a host, an enterprise having class A addresses has 224 (nearly 17 million) addresses at its disposal for use with possible hosts. Thus, even the largest companies vastly underuse available class A addresses. Not surprisingly, Class A addresses are issued to only very large entities such as IBM and ATT. Class B addresses employ their first two octets to identify a network (netid) and their second two octets to identify a host (hostid). Thus, an enterprise having class B addresses can use those addresses on approximately 64,000 hosts. Finally, class C addresses employ their first three octets as a netid and their last octet as a hostid. Only 254 host addresses are available to enterprises having a single class C netid.
Unfortunately, there has been such a proliferation of hosts on the Internet, coupled with so many class A and B licenses issued to large entities (who have locked up much address space), that it is now nearly impossible to obtain a class B address. Many organizations now requiring Internet access have far more than 254 hosts--for which unique IP addresses are available with a single class C network address. It is more common for a mid to large size enterprise to have 1000 to 10,000 hosts. Such companies simply can not obtain enough IP addresses for each of their hosts.
To address this problem, a Network Address Translation ("NAT") protocol has been proposed. See K. Egevang and P. Francis, "The IP Network Address Translator (NAT)," Request For Comments "RFC" 1631, Cray Communications, NTT, May 1994 which is incorporated herein by reference for all purposes. NAT is based on the concept of address reuse by private networks, and operates by mapping the reusable IP addresses of the leaf domain to the globally unique ones required for communication with hosts on the Internet. In implementation, a local host wishing to access the Internet receives a temporary IP address from a pool of such addresses available to the enterprise (e.g., class C 254 addresses). While the host is sending and receiving packets on the Internet, it has a global IP address which is unavailable to any other host. After the host disconnects from the Internet, the enterprise takes back its global IP address and makes it available to other hosts wishing to access outside networks.
To implement a NAT, a translation system must be provided between the enterprise private network and the Internet. By virtue of this location, the translation must act as a firewall to protect the local private network from unwanted Internet packets. In view of this requirement, it would be desirable to have a system which employs NAT and provides a secure firewall.
The present invention provides a system which employs NAT in conjunction with an adaptive security algorithm to keep unwanted packets from external sources out of a private network. According to this algorithm, packets are dropped and logged unless they are deemed nonthreatening. Domain Name Section "DNS" packets and certain types of Internet Control Message Protocol "ICMP" packets are allowed to enter local network. In addition, File Transfer Protocol "FTP" data packets are allowed to enter the local network, but only after it has been established that their destination on the local network initiated an FTP session.
These and other features and advantages of the present invention will be presented in more detail in the following specification of the invention and the figures.
FIG. 1 is a block diagram of a computer system for implementing the processes of a Network Address Translation system in accordance with this invention.
FIG. 2 is a schematic diagram of a private network segment connected to the Internet via a NAT system of this invention.
FIG. 3 is a process flow diagram showing generally the steps involved in transmitting an outbound packet through a NAT system to the Internet in accordance with this invention.
FIG. 4A is a schematic illustration of a translation slot and associated fields in accordance with this invention.
FIG. 4B is a schematic illustration of a connection slot and associated fields in accordance with this invention.
FIG. 5 is a process flow diagram showing generally how an inbound packet is treated by a NAT system of this invention.
FIG. 6 is a process flow diagram illustrating in some detail the security features employed to screen inbound packets destined for a local host having a static translation slot.
FIG. 7 is a process flow diagram depicting a process for screening UDP packets destined for a local host having a static translation slot.
FIG. 8 is a process flow diagram depicting a process for screening TCP packets destined for a local host having a static translation slot.
FIG. 9 is a process flow diagram depicting those steps that may be employed to screen for FTP data destined for a private network.
FIG. 10 is a process flow diagram depicting generally a security algorithm for screening packets destined for a local host having a dynamic translation slot.
FIG. 11 is a process flow diagram depicting a process for screening UDP packets destined for a local host having a dynamic translation slot.
FIG. 12 is a process flow diagram depicting a process for screening TCP packets destined for a local host having a dynamic translation slot.
The following terms are used in the instant specification. Their definitions are provided to assist in understanding the preferred embodiments described herein.
A "host" is a PC or other arbitrary network entity residing on a network and capable of communicating with entities outside of its own network through a router or bridge.
A "router" is a piece of hardware which operates at the network layer to direct packets between various nodes of one or more networks. The network layer generally allows pairs of entities in a network to communicate with each other by finding a path through a series of connected nodes.
A "packet" is a collection of data and control information including source and destination node addresses and source and destination ports. The octet of destinations and ports make every connection and packet unique.
The invention employs various process steps involving data manipulation. These steps require physical manipulation of physical quantities. Typically, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It is sometimes convenient, principally for reasons of common usage, to refer to these signals as bits, values, variables, characters, data packets, or the like. It should be remembered, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.
Further, the manipulations performed are often referred to in terms, such as translating, running, selecting, specifying, determining, or comparing. In any of the operations described herein that form part of the present invention, these operations are machine operations. Useful machines for performing the operations of the present invention include general purpose and specially designed computers or other similar devices. In all cases, there should be borne in mind the distinction between the method of operations in operating a computer or other processing device and the method of computation itself. The present invention relates to method steps for operating a Network Address Translation system in processing electrical or other physical signals to generate other desired physical signals.
The present invention also relates to an apparatus for performing these operations. This apparatus may be specially constructed for the required purposes, or it may be a general purpose programmable machine selectively activated or reconfigured by a computer program stored in memory. The processes presented herein are not inherently related to any particular computer or other apparatus. In particular, various general purpose machines may be used with programs written in accordance with the teachings herein, or it may be more convenient to construct a more specialized apparatus to perform the required method steps. The general structure for a variety of these machines will appear from the description given below.
Still further, the present invention relates to machine readable media on which are stored program instructions for performing operations on a computer. Such media includes by way of example magnetic disks, magnetic tape, optically readable media such as CD ROMs, semiconductor memory such as PCMCIA cards, etc. In each case, the medium may take the form of a portable item such as a small disk, diskette, cassette, etc., or it may take the form of a relatively larger or immobile item such as a hard disk drive or RAM provided in a computer.
FIG. 1 shows a typical computer-based system which may be used as a secure Network Address Translation system of the present invention. Shown is a computer 10 which comprises an input/output circuit 12 used to communicate information in appropriately structured form to and from the parts of computer 10 and associated equipment, a central processing unit 14, and a memory 16. These components are those typically found in most general and special purpose computers 10 and are intended to be representative of this broad category of data processors.
Connected to the input/output circuit 12 are inside and outside high speed Local Area Network interfaces 18a and 18b. The inside interface 18a will be connected to a private network, while the outside interface 18b will be connected to an external network such as the Internet. Preferably, each of these interfaces includes (1) a plurality of ports appropriate for communication with the appropriate media, and (2) associated logic, and in some instances (3) memory. The associated logic may control such communications intensive tasks as packet integrity checking and media control and management. The high speed interfaces 18a and 18b are preferably multi-port Ethernet interfaces, but may be other appropriate interfaces such as FDDI interfaces, etc.
The computer system may also include an input device (not shown) such as a keyboard. A flash memory device 22 is coupled to the input/output circuit 12 and provides additional storage capability for the computer 10. The flash memory device 22 may be used to store programs, data and the like and may be replaced with a magnetic storage medium or some other well known device. It will be appreciated that the information retained within the flash memory device 22, may, in appropriate cases, be incorporated in standard fashion into computer 10 as part of the memory 16.
In addition, a display monitor 24 is illustrated which is used to display the images being generated by the present invention. Such a display monitor 24 may take the form of any of several well-known varieties of cathode ray tube displays and flat panel displays or some other type of display.
Although the system shown in FIG. 1 is a preferred computer system of the present invention, the displayed computer architecture is by no means the only architecture on which the present invention can be implemented. For example, other types of interfaces and media could also be used with the computer.
FIG. 2 shows a network arrangement 32 employing a network address translation system 34 of the present invention. Translation system 34 acts as a connection between an enterprise network 36 and the Internet 38. On the Internet side, translation system 34 connects to an Internet router 40 via a line 42. Internet router 40, in turn, connects to Internet destinations 44 through a line 46. On the enterprise network side, translation system 34 connects to a router 48 via a line 50. Router 48 is, in turn, linked to various nodes on the enterprise network 36 including node 52 (via line 54) and node 56 (via line 58).
As an example, assume that node 52 sends packets 60a and 60b to router 48 along line 54. Packet 60a is destined for the Internet as indicated by a packet header 62. In contrast, packet 60b is destined to for a node on the enterprise network as indicated by packet header 64. Upon receiving packets 60a and 60b, router 48 then routes packet 60b along line 58 to node 56 and routes packet 60a along line 50 to translation system 34.
To this point, the system behaves consistent with most conventional networking protocols. However, packet 60a contains source address 66 which is not a globally unique IP address. Therefore, node 52 can not expect a reply from the Internet destination of packet 60a. To remedy this problem, packet 60a is routed through translation system 34 which modifies the packet so that it can establish a connection with a desired Internet destination. Specifically, when data packet 60a reaches translation system 34, its local source address 66 is replaced with an authorized global IP source address 68 selected from a pool of available global IP addresses 70. Pool 70 includes all or some subset of the global IP source addresses allocated to enterprise network 36.
After packet 60a has been retooled with global IP address 68, translation system 34 sends it along line 42 to Internet router 40. Router 40 then forwards it to the appropriate destination. Thereafter the Internet destination can reply with a packet of its own destined for global IP address 68. Upon receipt of such packet, translation system 34 will determine if it presents a security risk. If not, it will replace address 68 on the inbound packet with the local address of node 52 and then forward the modified packet to router 48. After the node 52 finishes its Internet session, address 68 may be made available to other nodes desiring Internet access. In this manner, a relatively small number of global IP addresses can be used by a much larger network of hosts.
The methods of this invention apply a security algorithm to network address translation. The basic address translation methodolgy may be directly adapted from RFC 1631, previously incorporated by reference.
FIG. 3 details a process 90 that may be employed by network address translation system 34 upon receipt of packet from enterprise network 36. Such outbound packets are received at the inside interface 18a of system 34. The process begins at 94 and in a decision step 96 determines whether an outbound packet has been received from a host on enterprise network 36. If not, the system simply awaits receipt of such packet. If, on the other hand, such packet was indeed received, a decision step 98 determines whether the host sending the packet is listed in a table of allocated translation slots. This table includes a list of global and local IP addresses for all hosts that have a translation slot opened. Translation slots will be described in more detail below. For now, it is sufficient to recognize that a host's local IP address will appear in the table of allocated translation slots if a translation slot has indeed been allocated for that host. To perform step 98, the NAT system first examines the outbound packet source header to identify the local IP address, and then determines if that address is located in the translation slot table. If so, step 98 is answered in the affirmative.
Assuming that step 98 is in fact answered yes (i.e., the translation slot table lists the local IP source address on the packet), a process step 106 examines the actual translation slot for the local host identified in the translation slot table. If on the other hand, step 98 is answered in the negative (i.e., the host sending the packet is not listed in the table of allocated translation slots), a decision step 100 determines whether a new translation slot is available. If not, an error is logged at process step 102 and the packet is dropped without transmission at a step 104. Thereafter, process control returns to step 96, and system 34 awaits the next outbound packet. Steps 102 and 104 are necessary because the number of translation slots is limited by the number of global IP addresses available to the enterprise network. If the enterprise has only a single class C address collection, for example, no more than 254 translation slots can be used at any given time. The system of this invention does release global IP addresses (i.e., it closes translation slots and removes their entries from the translation slot table) after a defined timeout period. Such period may be adjusted by the network according to the specific network's requirements. A typical default value is 24 hours for example.
Assuming that decision step 100 is answered in the affirmative (i.e., a free translation slot exists), a process step 108 allocates one such translation slot to the host sending the packet. The NAT system the fills the newly allocated slot with various pieces of relevant information (detailed below) including the local host's local IP address and a global IP address selected from the pool of available addresses. In a specific embodiment, the global unique IP address selected from this pool is obtained by simply picking the next available address sequentially. The NAT system also enters the global and local IP addresses for the new translation slot in the translation slot table.
Now, regardless of how a translation slot was identified (via step 106 or 108), the next step is a decision step 110 which determines whether the outbound packet is a Transmission Control Protocol "TCP" packet. As known to those of skill in the art, this determination can be made by checking the appropriate field in the packet header. The TCP protocol requires a connection be established before communication can be commenced.
If the outbound packet turns out not to be a TCP packet, a process step 112 simply translates the IP source address on that packet. In other words, the private source address initially appearing on the packet is replaced with the global unique IP address in the associated translation slot. After the IP source address has been replaced at step 112, a process step 114 fixes the checksums at the end of the packet. Specifically, the address translator will modify the IP checksum and the TCP checksum. Since the differences between the original and translated versions of the packet are known, the checksums are efficiently updated with a simple adjustment rather than a complete recalculation. Details including sample code are provided in RFC 1631. The address translator must also modify those parts of ICMP and FFP packets where the IP address appears. Next, the retooled packet is routed by translation system 34 to the Internet. The process is then complete at 124.
Assuming that decision step 10 determines that the packet is indeed a TCP packet, a decision step 118 then determines whether the "synchronized sequence number" SYN bit has been set in the TCP segment of a TCP header. As known to those skill in the art, this bit is set in the "code bits" section of the TCP header. When the SYN bit is set, it implies that the local host is attempting to establish a connection with a host on the Internet. Assuming that the internal host is in fact attempting to establish a connection, (i.e., decision step 118 is answered in affirmative), translation system 34 creates a new connection slot (if any are available) at a process step 120. That slot is filled information uniquely describing the connection: the remote IP address, the remote port number, and the local port number. Concurrently therewith, the new connection is registered in a "connection field" of the translation slot. Thereafter, process control is directed to step 112 were the IP source address is translated as described above. Then, the packet checksums are corrected and the packet is routed to the Internet as described above. Assuming that decision step 118 is answered in the negative (i.e., the SYN bit is not set), the system will assume that a TCP session has already been synchronized and locate the connection object associated with internal host's current connection as a step 122. This may be accomplished with a hashing algorithm for example. Thereafter, process control is directed to step 112 where the translation, modification, and forwarding functions are performed as described above. If the outbound packet is a TCP packet without its SYN bit set and no existing connection is open, an error has occurred.
It should be apparent from the above discussion that there is essentially no security mechanism to block outbound packets. Most enterprises expect this behavior.
FIG. 4A is a schematic depiction of a translation slot 130 provided for use with the system/methods of this invention. In practice, the translation slot takes the form of a data structure stored in memory of the NAT system. In the translation slot data structure, a "next" field 132 holds a pointer to the next translation slot in the translation slot table. This field is updated whenever the next successive translation slot times out while the slot at issue remains. A "global" field 134 provides the global unique IP address temporarily held by the host having the translation slot. A "local" address field 136 specifies the local address of the host. The global and local address fields are set when the translation slot is opened and they remain fixed throughout the life of the slot.
A "connection" field 138 contains a listing of the connection slots, if any, appended to the translation slot. More than one connection slot may be associated with a given translation slot, as many users may be using a given host to access the Internet. Each associated process will have its own connection slot. The connection field 138 is updated each time a new connection slot is opened or timed out. Next, a "free" field 140 is reserved for a connection slot of a static translation slot. A "stamp" field 142 provides a time stamp indicating when the translation slot last sent or received a packet. Thus, the stamp field is updated each time an Internet packet passes from or to the local host. This is used for purposes of timing out a translation slot.
Next, a "flags" field 144 contains one or more flags that may be set in connection with the translation slot 130. Examples of such flags include a "static flag" to be set when the translation slot is a "static" rather "dynamic" translation slot. This distinction will be discussed in more detail below. Another flag is a "port" flag to be set when a port command is issued by a local host initiating an FTP session. The User Detection Protocol Holes "UDP Holes" field 146 and the "TCP Holes" field 148 specify "conduits" or exceptions to the adaptive security algorithm of this invention. These conduits which apply only to static translation slots will be discussed in more detail below. The UDP Holes and TCP Holes fields are set by the system administrator when configuring the system with static translation slots.
FIG. 4B is a schematic depiction of a connection slot 160 which may be appended to a translation slot as described above. In this slot, a "next" field 162 holds a pointer to the next connection slot associated with the appropriate translation slot. Next, a "flags" field 164 contains any flags associated with the connection slot. A "faddr" field 166 specifies an address for the foreign host to which the connection is made. A "fport" field 168 specifies a port of the foreign host. As is known to those of skill in the art, a port is a TCP/IP transport protocol used to distinguish among multiple destinations within a given host computer. Some destinations are reserved for standard services such as e-mail. Next, an "lport" field 170 specifies a port number for the local host. Values are provided to fields 166, 168, and 170 when the connection slot is opened and these fields remain unchanged throughout the life of the connection slot.
A "delta" field 172 specifies an adjustment (delta) to the TCP sequence number as required for address translation in FTP connections. This is because FTP PORT command arguments include an IP address in ASCII. Substituting the ASCII IP address may change the packet size. The delta value specifies by how much the sequence number must be adjusted to account for any difference in packet size due to substitution of the ASCII number. Field 172 must be updated everytime a PORT command is issued. Next, a "stamp" field 174 specifies the time that the connection was last used. This is used for timing out a connection slot. An "xfer" field 176 specifies the total number of bytes transferred while the connection slot is open. The value in this field will continue to grow as more packets are sent and received over the connection. Finally, a "start" field 178 specifies the time that the connection was created.
The process by which translation system 34 handles inbound packets from the Internet (and arriving at NAT system outside interface 18b) is depicted in a process flow diagram 200 shown in FIG. 5. It should be understood that this procedure includes an adaptive security algorithm that does not block outbound packets. In a preferred embodiment, adaptive security follows these rules:
1. Allow any TCP connections that originate from the inside network.
2. Ensure that if an FTP data connection is initiated to a translation slot, there is already an FTP control connection between that translation slot and the remote host. Also ensure that a port command has been issued between the same two hosts. If these criteria are not met, the attempt to initiate an FTP data connection is dropped and logged.
3. Prevent the initiation of a TCP connection to a translation slot from the outside. The offending packet is dropped and logged.
4. Allow inbound UDP packets only from DNS. NFS is explicitly denied.
5. Drop and log source routed IP packets sent to any translation slot on the translation system.
6. Allow only ICMP of types 0, 3, 4, 8, 11, 12, 17 and 18.
7. Ping requests from outside to dynamic translation slots are silently dropped.
8. Ping requests to static translation slots are answered.
Process 200 begins at 202 and then a decision step 204 determines whether an inbound packet has been received. If not, the system simply awaits receipt of such packet. When such packet is received, a decision step 206 determines whether a translation slot exists for the global IP destination address on the packet. If no such translation slot exists, it is impossible to discern which local host is the intended recipient of the packet. Thus, a process step 208 drops and logs the packet. This means that the inbound packet never reaches the enterprise network 36 and its content is logged for post-mortum evaluation by a network administrator.
Assuming that decision step 206 is answered in the affirmative (i.e., a translation slot exists for the incoming packet), a decision step 210 determines whether that translation slot references a static translation. A static translation slot "hard-wires" to a given internal host machine a globally unique IP address that does not time out. Thus, the host machine maintains an ongoing mapping of its local address to a specific global IP address held by the enterprise. This may be appropriate for internal hosts acting as Internets servers (email, anonymous FTP, World-Wide Web etc.). For all practical purposes, the host machine having the static connection slot appears to be a stand-alone "wide open" node on the Internet. As explained in more detail below, static translation slots unlike dynamic translation slots can have conduits or exceptions to the adaptive security algorithm outlined below.
If decision step 210 is answered in the negative, it can be assumed the translation slot associated with the inbound packet is a dynamic translation slot. In that case, a process step 212 will handle the inbound packet according to a specific algorithm for dynamic translations (see FIG. 10 as discussed below). Thereafter, the process is completed at 230.
Assuming that decision step 210 is answered in the affirmative (i.e., the translation slot is static translation slot), a decision step 214 determines whether the inbound packet is an ICMP frame. As known to those of skill in the art, ICMP packets are used, for among purposes, to handle error and control messages. Many ICMP functions do not pose a security danger. However, others such as a "redirect" (which changes a route in a routing table) pose potential security risks. Thus, if the inbound packet is an ICMP packet a decision step 216 determines whether that packet is of an approved type. Assuming that the ICMP packet is not of an approved type, a process step 218 drops and logs the packet as described above (in the context of step 208). Thereafter, the process is completed at 230.
Assuming that decision step 216 determines that the ICMP packet is of an approved type, a process step 220 translates the inbound packet by replacing the global IP address with a local IP address provided in the static translation slot for the local host receiving the inbound packet. In addition, the system will fix the checksums in the packet as appropriate based upon the address change. Thereafter, at a step 222, the translated inbound packet is forwarded to the local host and the process is completed at 230.
If decision step 214 determines that the inbound packet is not an ICMP packet, a decision step 224 determines whether a "secure flag" is set for the static translation. This can be determined by simply looking a the appropriate field in the static translation slot (field 144) associated with the destination host. Enterprise hosts having static translation slots may or may not employ the adaptive security mechanisms of the present invention. It is up to the user or administrator to configure such hosts appropriately (by setting the secure flag if adaptive security is to be employed). Assuming that decision step 224 is answered in the negative (i.e., the secure flag is not set), process control is directed to step 220 where the inbound packet is translated as described above. Thereafter, the packet is forwarded at step 222 and the process is completed as described above.
If decision step 224 determines that the secure flag is set in the static translation slot, the system will scrutinize the inbound packet according to the adaptive security mechanism at a step 226. Specifically, step 226 will test the inbound packet to determine whether it meets certain "LUDP" and "TCP" security criteria. If the step determines that the inbound packet does not pose a security risk, it is translated and forwarded at steps 220 and 222 as described above. If, however, the inbound packet is found to pose a security risk, it is dropped and logged at a step 228 before the process is completed at 230.
As noted, only certain "nonthreatening" types of ICMP messages will be accepted. Following this paragraph is a list of some ICMP message types. In a preferred embodiment, only types 0, 3, 4, 8, 11, 12, 17 and 18 are allowed. This implies that ICMP redirects (type 5) and others are denied by the adaptive security mechanism.
| ______________________________________ |
| Type Field ICMP Message Type |
| ______________________________________ |
| 0 Echo Reply |
| 3 Destination Unreachable |
| 4 Source Quench |
| 5 Redirect (change a route) |
| 8 Echo Request |
| 11 Time Exceeded for a Datagram |
| 12 Parameter Problem on a Datagram |
| 13 Timestamp Request |
| 14 Timestamp Reply |
| 15 Information Request |
| 16 Information Reply |
| 17 Address Mask Request |
| 18 Address Mask Reply |
| ______________________________________ |
The process of determining whether an inbound packet meets the UDP and security criteria of this invention (step 226 of FIG. 5) is depicted in FIG. 6. The process begins at 240 and in a decision step 242 determines whether inbound et is a UDP packet. As known to those of skill art, this information can be readily discerned by checking the appropriate field of an IP datagram header. Assuming that system determines that the inbound packet is indeed a UDP packet, a decision step 244 determines whether that packet meets specified UDP security criteria. If so, the process is completed at 250 with the packet being made available for translation for an forwarding as described with reference to FIG. 5. If, however, decision step 244 determines that the UDP packet does not met the required security criteria, the process is completed at 252 with the UDP packet being dropped and logged as described with respect to step 228 of FIG. 5.
Assuming that decision step 242 determines that the datagram structure of the inbound packet is not a UDP packet, a decision step 246 determines whether that datagram is a TCP packet. If so, a decision step 248 determines whether TCP packet meets the TCP security criteria provide for the translation system. If so, the process is completed at 250 as described above. If not, the process is completed at 252 as described above. Finally, if decision step 246 is answered in the negative (i.e., the inbound packet is neither a UDP nor a TCP packet), the process is completed at 252 as described above.
The process of the determining whether an inbound UDP packet meets the specified UDP security criteria (step 244 of FIG. 6) is detailed in FIG. 7. The process begins a 260, and in a step 262 determines whether any "conduits" exists in the adaptive security mechanism associated with the static translation slot of interest. As described in more detail below, conduits are exceptions to the adaptive security rules described herein Assuming that no such conduits exists, a decision step 264 determines whether the destination port number is greater than 1024. This implies that the destination is a "nonprivileged" port, and there is a probability that the inbound packet is a normal return packet for UDP. Specifically, the packet may be a reply to a DNS (domain name service) request by a local host. If decision step 264 is answered in the affirmative, a decision step 266 determines whether the destination port is equal to value of 2049. If so, this implies that the inbound packet is an NFS (network file system) packet which should not be accepted. As is known to those of skill in the art, NFS packets are employed to access an external computer's file system as if it was local. Such access from the Internet is clearly inconsistent with the security goals of this invention. Therefore the process is completed at 274 with the packet being dropped and logged pursuant to step 228 of FIG. 5. If, however, decision step 266 is answered in the negative (i.e, the destination is not equal to 2049), a decision step 268 determines whether the source port value is equal to 53. This implies that the inbound packet is a DNS packet which should be accepted so that the local host can access a remote host by name. Thus, if decision step 268 is answered in the affirmative, the process is completed at 272 with the packet being translated in accordance with step 220 of FIG. 5.
The immediately preceding steps allow only those packets having a large destination port (>1024) and a source port equal to 53. This is consistent with DNS requests initiated by the local host.
Assuming that decision step 264 determines that the destination port value is not greater than 1024, a decision step 270 determines whether the destination port value is equal to 53. If so, the inbound packet must be a DNS request packet and should be allowed in. If decision step 270 is answered in the affirmative, the process is completed at 272 as described above. If, on the other hand, decision step 270 is answered in the negative, the process is completed at 274 as described above. In summary, the function of decision steps 264 through 270 is to ensure that the only packets allowed to cross from the Internet through translation system 34 to enterprise 36 are DNS packets. NFS packets are explicitly excluded.
If decision step 262 determines that one or more conduits exists for the static translation slot, a decision step 263 determines whether the UDP packet matches any of those conduits. If so, the process is completed at 272 as described above. If not, process control is directed to step 264 for evaluation of the packet's destination port as described above.
As mentioned, conduits are exceptions to the general adaptive security rules implemented on translation system 34. Such rules were summarized above. Each secure static translation slot will have zero or more conduits provided therewith in the "UDP Holes" and/or "TCP Holes" fields 146 and 148 (see FIG. 4A). These fields are supplied with specific conduits when the translation system is configured. Each such conduit is provided in the format protocol: address/mask-port. The "protocol" section specifies either UDP or TCP, the "address" section specifies a destination global IP address, the net "mask" section specifies how many bits of the IP address that are to be compared in the matching step, and the "port" section specifies a destination port value (e.g., 25 for mail, 24 for Telnet, etc.). The "mask" section can be set as large or small as desired. For example, if an administrator wishes to allow an entire class C address group into the conduit, the mask would be set to compare only the 24 IP address bits specifying netid. If the information contained in the inbound packet meets the criteria specified by a conduit, the conduit is "matched" pursuant to step 263 of FIG. 7.
Multiple exceptions may be applied to a single static translation slot (via multiple conduit commands). This allows the administrator to permit access from an arbitrary machine, network, or any host on the Internet to the inside host defined by the static translation slot.
FIG. 8 details the step of determining whether a TCP packet meets the specified security criteria (step 248 of FIG. 6). The process begins at 280 and in a decision step 282 determines whether a conduit exists for the static translation slot at issue. If so, a decision step 284 determines whether the information contained in the inbound packet matches any conduit for the static translations slot. This process is conducted exactly as described with reference to decision step 263 in FIG. 7. If decision step determines that there is a conduit match, the process is completed at 294 with translation and forwarding of the packet. If however, decision step 284 determines that there is no conduit match, a decision step 286 determines whether the SYN flag is set and the ACK flag is not set. If so, an external source is likely attempting an unsolicited connection to the enterprise network. In general, such packets should not be accepted unless they are part of a requested FTP file transfer.
If decision step 282 determines that there are no conduits associated with the static translation slot of the destination host, process control is directed to decision step 286. If the conditions of step 286 are not met (i.e., either the SYN flag is not set or the ACK flag is set), a decision step 288 determines whether a connection slot exists for the static translation slot at issue. If no such connection slot exists, it can be assumed that no connection was initiated by a host in the enterprise network 36. Thus, if decision step 288 is answered in the negative, the process is concluded at 296 with the packet being dropped and logged. If, however, a connection slot does exist for the static translation slot, a decision step 290 determines whether the port and IP source and destination addresses of the inbound packet match those of any connection object of the static translation slot. If no such match is found, it can again be assumed that the internal host did not initiate a connection requesting the inbound packet. Thus, if decision step 290 is answered in the negative, the process is concluded at 296 with the packet being dropped and logged. If, on the other hand, decision step 290 is answered in the affirmative (that is, the port and IP addresses in the inbound packet match those of a connection object), the process is concluded at 294 with the packet being translated and forwarded.
If decision step 286 is answered in the affirmative, a decision step 292 determines whether the source port value of the inbound packet equals 20. A source port value of 20 indicates that an FTP (file transfer protocol) data connection is being established. If decision step 292 is answered in the negative (i.e., the inbound packet is attempting to establish a connection for some purpose other than sending FTP data), the process is concluded at 296 with the packet being dropped and logged. If, however, decision step 292 is answered in the affirmative, a decision step 293 determines whether the inbound packet meets certain FTP security criteria. If so, the process is completed at 294 with the packet being translated and forwarded. If not the process ends at 296 with the packet being dropped and logged.
FIG. 9 details the process steps associated with determining whether FTP security criteria have been met (step 293 of FIG. 8). The process begins at 300 and then a decision step 302 determines whether an FTP control connection slot exists for the translation slot of the local host. This can be determined by a destination port number of 21 in the "fport" field 168 of a connection slot for the local host (see FIG. 4B). If so, the host associated with the static translation slot has initiated an FTP control session and the inbound packet may possibly accepted. As is known to those of skill in the art, FTP consists of two connections: first a local host logs into a remote server with a control connection and then the remote server responds with a data connection to the local host. Assuming that an FTP control connection slot exists, a decision step 304 determines whether the local host has issued a PORT command. This may be established by checking for a "port" flag in the flags field of the translation slot (see FIG. 4A). Assuming that such port command has been issued, a decision step 306 determines whether a new connection slot is available. It is possible that the translation system 34 may have too many simultaneous connections to allocate a new connection slot. That is, it is of course possible that all available connection slots are in use. If, however, one or more additional connection slots are available (i.e., decision step 306 is answered in the affirmative), a process step 308 creates a new connection slot for the inbound FTP data packet. Concurrently therewith, the new connection is registered in the "connection field" of the translation slot. Thereafter the process is completed at 310 with the inbound packet being translated and forwarded. If any of decision steps 302, 304, or 306 are answered in the negative, the process is concluded at 312 with the packet being dropped and logged.
As noted above in the context of FIG. 5, inbound packets that are not destined for static translation slots may be destined for dynamic translation slots. In fact, all translation slots are either static or dynamic. Thus, if a translation slot exists for the destination of an inbound packet, and that destination does not have a static translation slot, then it must have a dynamic translation slot. As noted in connection with the discussion of FIG. 5, a decision step 212 determines whether such inbound packets meet the security requirements for dynamic translation slots. FIG. 10 details a process by which such security requirements are evaluated. The process begins at 320, and in a decision step 322 the translation system determines whether the inbound packet is an ICMP packet. If so, decision step 324 determines whether that packet contains a "ping" request (ICMP echo message--type 8). If so, the process is completed at 338 with the inbound packet being dropped and logged. If on the other hand, the ICMP packet is not a ping request, a decision step 326 determines whether the inbound packet is one of the approved types of packets. If decision step 326 determines that the inbound ICMP packet is not one of the approved types, the process is concluded at 338 with the packet being dropped and logged. If, on the other hand, the ICMP packet is of an approved type, the process is concluded at 336 with the packet being translated and forwarded.
A comparison of the processes depicted in FIGS. 5 and 10 shows that ICMP packets are treated similarly when destined for hosts with either static or dynamic translation slots. However, a host with a static translation slot will accept a ping request (ICMP message type 8) while a host with a dynamic translation slot will not. Thus, external sources can establish the presence of static hosts but not dynamic hosts. This is because the dynamic hosts change IP addresses from time to time and are intended to be shielded behind translation system.
Returning now to FIG. 10, assuming that the inbound packet is not an ICMP packet (i.e., decision step 322 is answered in the negative), a decision step 328 determines whether the inbound packet is a UDP packet. If so, a decision step 330 determines whether the inbound UDP packet meets the security criteria appropriate for a dynamic translation slot. If so, the process is concluded at 336 with the packet being translated and forwarded. If not, the process is concluded at 338 with the packet being dropped and logged.
Assuming that the inbound packet is neither an ICMP packet nor a UDP packet (i.e., both decision steps 322 and 328 are answered in the negative), a decision step 332 then determines whether the inbound packet is a TCP packet. If not, the process is concluded at 338 with the packet being dropped and logged. If, on the other hand, the packet is indeed a TCP packet, a decision step 334 determines whether that packet meets the adaptive security criteria required of a TCP packet destined for a host having a dynamic translation slot. If so, the process is concluded at 336 with the packet being translated and forwarded. If not, the process is concluded at 338 with the packet being dropped and logged.
The UDP and TCP security criteria for inbound packets are nearly identical for hosts having static translation slots and hosts having dynamic translation slots. The only difference is that hosts with static translation slots can have conduits or exceptions to the security mechanism. The following discussion of FIGS. 11 and 12 will illustrate this.
The process of the determining whether an inbound UDP packet meets security criteria for a dynamic slot (step 330 of FIG. 10) is detailed in FIG. 11. The process begins a 350, and a decision step 352 evaluates the incoming packet to determine whether its destination port number is greater than 1024. If so, a decision step 354 determines whether the destination port is equal to a value of 2049. If so, this implies that the inbound packet is an NFS (network file system) packet which should not be accepted. In such cases, the process is completed at 360 with the packet being dropped and logged. If, however, decision step 354 is answered in the negative (i.e, the destination is not equal to 2049), a decision step 356 determines whether the source port value is equal to 53. This implies that the inbound packet is a DNS packet which should be accepted. Thus, if decision step 356 is answered in the affirmative, the process is completed at 362 with the packet being translated and forwarded.
Assuming that decision step 352 determines that the destination port value is not greater than 1024, a decision step 358 determines whether the destination port value is equal to 53. If so, the inbound packet must be a DNS request packet and should be allowed in. Thus, if decision step 358 is answered in the affirmative, the process is completed at 362 as described above. If, on the other hand, decision step 358 is answered in the negative, the process is completed at 360 as described above. As in the case of static translation slots, the only packets allowed to cross from the Internet through translation system 34 to enterprise network 36 are DNS packets. NFS packets are explicitly excluded.
FIG. 12 details the process of determining whether a TCP packet meets the security criteria for a dynamic slot (step 334 of FIG. 10). The process begins at 370 and in a decision step 372 examines the incoming packet and determines whether the SYN flag is set and the ACK flag is not set. If not, a decision step 374 determines whether a connection slot exists for the dynamic translation slot at issue. If no such connection slot exists, it can be assumed that no connection was initiated by a host in the enterprise network 36. Thus, if decision step 374 is answered in the negative, the process is concluded at 382 with the packet being dropped and logged. If, however, a connection slot does exist for the dynamic translation slot, a decision step 376 determines whether the port and IP source and destination addresses of the inbound packet match those of any connection object of the dynamic translation slot. If no such match is found, it can again be assumed that the internal host did not initiate a connection requesting the inbound packet. Thus, if decision step 376 is answered in the negative, the process is concluded at 382 with the packet being dropped and logged. If, on the other hand, decision step 376 is answered in the affirmative (that is, the port and IP addresses in the inbound packet match those of a connection object), the process is concluded at 384 with the packet being translated and forwarded.
If decision step 372 is answered in the affirmative, a decision step 378 determines whether the source port value of the inbound packet equals 20. As noted, a source port value of 20 indicates that an FTP data connection is being established. If decision step 378 is answered in the negative (i.e., the inbound packet is attempting to establish a connection for some purpose other than sending FTP data), the process is concluded at 382 with the packet being dropped and logged. If, however, decision step 378 is answered in the affirmative, a decision step 380 determines whether the inbound packet meets certain FTP security criteria. If so, the process is completed at 384 with the packet being translated and forwarded. If not the process ends at 382 with the packet being dropped and logged. The FTP security criteria referenced in step 380 may be identical to those set forth in FIG. 9.
Although the foregoing invention has been described in some detail for purposes of clarity of understanding, it will be apparent that certain changes and modifications may be practiced within the scope of the appended claims. For example, the private network described above may be a single local area network or multiple local area networks connected as a wide area network. Further, the adaptive security algorithm described above may be applied to a single machine as well as a network.
Coile, Brantley W., Mayes, John C.
| Patent | Priority | Assignee | Title |
| 10021022, | Jun 30 2015 | Juniper Networks, Inc. | Public network address conservation |
| 10050917, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Multi-dimensional reputation scoring |
| 10051078, | Jun 12 2007 | ICONTROL NETWORKS, INC | WiFi-to-serial encapsulation in systems |
| 10062245, | Mar 30 2010 | iControl Networks, Inc. | Cross-client sensor user interface in an integrated security network |
| 10062273, | Sep 28 2010 | ICONTROL NETWORKS, INC | Integrated security system with parallel processing architecture |
| 10078958, | Dec 17 2010 | ICONTROL NETWORKS, INC | Method and system for logging security event data |
| 10079839, | Jun 12 2007 | ICONTROL NETWORKS, INC | Activation of gateway device |
| 10091014, | Sep 23 2011 | ICONTROL NETWORKS, INC | Integrated security network with security alarm signaling system |
| 10110436, | Dec 08 1998 | NOMADIX, INC. | Systems and methods for providing content and services on a network system |
| 10127801, | Sep 28 2010 | ICONTROL NETWORKS, INC | Integrated security system with parallel processing architecture |
| 10127802, | Sep 28 2010 | ICONTROL NETWORKS, INC | Integrated security system with parallel processing architecture |
| 10140840, | Apr 23 2007 | iControl Networks, Inc. | Method and system for providing alternate network access |
| 10142166, | Mar 16 2004 | iControl Networks, Inc. | Takeover of security network |
| 10142392, | Jan 24 2007 | ICONTROL NETWORKS INC ; ICONTROL NETWORKS, INC | Methods and systems for improved system performance |
| 10142394, | Jun 12 2007 | iControl Networks, Inc. | Generating risk profile using data of home monitoring and security system |
| 10156831, | Mar 16 2005 | iControl Networks, Inc. | Automation system with mobile interface |
| 10156959, | Mar 16 2005 | ICONTROL NETWORKS, INC | Cross-client sensor user interface in an integrated security network |
| 10164940, | Feb 24 1999 | Guest Tek Interactive Entertainment Ltd. | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 10200504, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols over internet protocol (IP) networks |
| 10212128, | Jun 12 2007 | ICONTROL NETWORKS, INC | Forming a security network including integrated security system components and network devices |
| 10223903, | Sep 28 2010 | ICONTROL NETWORKS, INC | Integrated security system with parallel processing architecture |
| 10225314, | Jan 24 2007 | ICONTROL NETWORKS, INC | Methods and systems for improved system performance |
| 10237237, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 10237806, | Apr 29 2010 | ICONTROL NETWORKS, INC | Activation of a home automation controller |
| 10257364, | Aug 25 2008 | ICONTROL NETWORKS, INC | Security system with networked touchscreen and gateway |
| 10275999, | Apr 29 2010 | ICONTROL NETWORKS, INC | Server-based notification of alarm event subsequent to communication failure with armed security system |
| 10277609, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 10291580, | Oct 15 2002 | NOMADIX, INC. | Systems and methods for network address translation |
| 10313303, | Jun 12 2007 | ICONTROL NETWORKS, INC | Forming a security network including integrated security system components and network devices |
| 10332363, | Apr 30 2009 | iControl Networks, Inc. | Controller and interface for home security, monitoring and automation having customizable audio alerts for SMA events |
| 10339791, | Jun 12 2007 | ICONTROL NETWORKS, INC | Security network integrated with premise security system |
| 10341243, | Dec 08 1998 | NOMADIX, INC. | Systems and methods for providing content and services on a network system |
| 10348575, | Jun 27 2013 | ICONTROL NETWORKS, INC | Control system user interface |
| 10365810, | Jun 27 2013 | ICONTROL NETWORKS, INC | Control system user interface |
| 10375253, | Aug 25 2008 | ICONTROL NETWORKS, INC | Security system with networked touchscreen and gateway |
| 10380871, | Mar 16 2005 | ICONTROL NETWORKS, INC | Control system user interface |
| 10382452, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 10389736, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 10423309, | Jun 12 2007 | iControl Networks, Inc. | Device integration framework |
| 10444964, | Jun 12 2007 | ICONTROL NETWORKS, INC | Control system user interface |
| 10447491, | Mar 16 2004 | iControl Networks, Inc. | Premises system management using status signal |
| 10498830, | Jun 12 2007 | iControl Networks, Inc. | Wi-Fi-to-serial encapsulation in systems |
| 10522026, | Aug 11 2008 | ICONTROL NETWORKS, INC | Automation system user interface with three-dimensional display |
| 10523689, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols over internet protocol (IP) networks |
| 10530839, | Aug 11 2008 | ICONTROL NETWORKS, INC | Integrated cloud system with lightweight gateway for premises automation |
| 10559193, | Feb 01 2002 | Comcast Cable Communications, LLC | Premises management systems |
| 10616075, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 10616244, | Jun 12 2006 | iControl Networks, Inc. | Activation of gateway device |
| 10657794, | Mar 26 2010 | ICONTROL NETWORKS, INC | Security, monitoring and automation controller access and use of legacy security control panel information |
| 10666523, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 10672254, | Apr 23 2007 | iControl Networks, Inc. | Method and system for providing alternate network access |
| 10674428, | Apr 30 2009 | ICONTROL NETWORKS, INC | Hardware configurable security, monitoring and automation controller having modular communication protocol interfaces |
| 10691295, | Mar 16 2004 | iControl Networks, Inc. | User interface in a premises network |
| 10692356, | Mar 16 2004 | iControl Networks, Inc. | Control system user interface |
| 10721087, | Mar 16 2005 | ICONTROL NETWORKS, INC | Method for networked touchscreen with integrated interfaces |
| 10735249, | Mar 16 2004 | iControl Networks, Inc. | Management of a security system at a premises |
| 10741057, | Dec 17 2010 | iControl Networks, Inc. | Method and system for processing security event data |
| 10747216, | Feb 28 2007 | ICONTROL NETWORKS, INC | Method and system for communicating with and controlling an alarm system from a remote server |
| 10754304, | Mar 16 2004 | iControl Networks, Inc. | Automation system with mobile interface |
| 10764248, | Mar 16 2004 | iControl Networks, Inc. | Forming a security network including integrated security system components and network devices |
| 10785319, | Jun 12 2006 | ICONTROL NETWORKS, INC | IP device discovery systems and methods |
| 10796557, | Mar 16 2004 | iControl Networks, Inc. | Automation system user interface with three-dimensional display |
| 10813034, | Apr 30 2009 | ICONTROL NETWORKS, INC | Method, system and apparatus for management of applications for an SMA controller |
| 10841381, | Mar 16 2005 | iControl Networks, Inc. | Security system with networked touchscreen |
| 10880271, | Jun 03 2005 | Asavie Technologies Limited | Secure network communication system and method |
| 10890881, | Mar 16 2004 | iControl Networks, Inc. | Premises management networking |
| 10930136, | Mar 16 2005 | iControl Networks, Inc. | Premise management systems and methods |
| 10942552, | Mar 24 2015 | iControl Networks, Inc. | Integrated security system with parallel processing architecture |
| 10979385, | Oct 15 2002 | NOMADIX, INC. | Systems and methods for network address translation |
| 10979389, | Mar 16 2004 | iControl Networks, Inc. | Premises management configuration and control |
| 10992784, | Mar 16 2004 | ICONTROL NETWORKS, INC | Communication protocols over internet protocol (IP) networks |
| 10999254, | Mar 16 2005 | iControl Networks, Inc. | System for data routing in networks |
| 11032242, | Mar 16 2004 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 11037433, | Mar 16 2004 | iControl Networks, Inc. | Management of a security system at a premises |
| 11043112, | Mar 16 2004 | iControl Networks, Inc. | Integrated security system with parallel processing architecture |
| 11082395, | Mar 16 2004 | iControl Networks, Inc. | Premises management configuration and control |
| 11089122, | Jun 12 2007 | ICONTROL NETWORKS, INC | Controlling data routing among networks |
| 11113950, | Mar 16 2005 | ICONTROL NETWORKS, INC | Gateway integrated with premises security system |
| 11129084, | Apr 30 2009 | iControl Networks, Inc. | Notification of event subsequent to communication failure with security system |
| 11132888, | Apr 23 2007 | iControl Networks, Inc. | Method and system for providing alternate network access |
| 11146637, | Mar 03 2014 | ICONTROL NETWORKS, INC | Media content management |
| 11153266, | Mar 16 2004 | iControl Networks, Inc. | Gateway registry methods and systems |
| 11159484, | Mar 16 2004 | iControl Networks, Inc. | Forming a security network including integrated security system components and network devices |
| 11175793, | Mar 16 2004 | iControl Networks, Inc. | User interface in a premises network |
| 11182060, | Mar 16 2004 | iControl Networks, Inc. | Networked touchscreen with integrated interfaces |
| 11184322, | Mar 16 2005 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 11190578, | Aug 11 2008 | ICONTROL NETWORKS, INC | Integrated cloud system with lightweight gateway for premises automation |
| 11194320, | Feb 28 2007 | iControl Networks, Inc. | Method and system for managing communication connectivity |
| 11201755, | Mar 16 2004 | iControl Networks, Inc. | Premises system management using status signal |
| 11212192, | Jun 12 2007 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11218878, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 11223998, | Mar 26 2010 | iControl Networks, Inc. | Security, monitoring and automation controller access and use of legacy security control panel information |
| 11237714, | Jun 12 2007 | Control Networks, Inc. | Control system user interface |
| 11240059, | Dec 20 2010 | iControl Networks, Inc. | Defining and implementing sensor triggered response rules |
| 11244545, | Mar 16 2004 | iControl Networks, Inc. | Cross-client sensor user interface in an integrated security network |
| 11258625, | Aug 11 2008 | ICONTROL NETWORKS, INC | Mobile premises automation platform |
| 11277465, | Mar 16 2004 | iControl Networks, Inc. | Generating risk profile using data of home monitoring and security system |
| 11284331, | Apr 29 2010 | ICONTROL NETWORKS, INC | Server-based notification of alarm event subsequent to communication failure with armed security system |
| 11296950, | Jun 27 2013 | iControl Networks, Inc. | Control system user interface |
| 11310199, | Mar 16 2004 | iControl Networks, Inc. | Premises management configuration and control |
| 11316753, | Jun 12 2007 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11316958, | Aug 11 2008 | ICONTROL NETWORKS, INC | Virtual device systems and methods |
| 11341840, | Dec 17 2010 | iControl Networks, Inc. | Method and system for processing security event data |
| 11343380, | Mar 16 2004 | iControl Networks, Inc. | Premises system automation |
| 11356926, | Apr 30 2009 | iControl Networks, Inc. | Hardware configurable security, monitoring and automation controller having modular communication protocol interfaces |
| 11367340, | Mar 16 2005 | iControl Networks, Inc. | Premise management systems and methods |
| 11368327, | Aug 11 2008 | ICONTROL NETWORKS, INC | Integrated cloud system for premises automation |
| 11368429, | Mar 16 2004 | iControl Networks, Inc. | Premises management configuration and control |
| 11378922, | Mar 16 2004 | iControl Networks, Inc. | Automation system with mobile interface |
| 11398147, | Sep 28 2010 | iControl Networks, Inc. | Method, system and apparatus for automated reporting of account and sensor zone information to a central station |
| 11405463, | Mar 03 2014 | iControl Networks, Inc. | Media content management |
| 11410531, | Mar 16 2004 | iControl Networks, Inc. | Automation system user interface with three-dimensional display |
| 11412027, | Jan 24 2007 | iControl Networks, Inc. | Methods and systems for data communication |
| 11418518, | Jun 12 2006 | iControl Networks, Inc. | Activation of gateway device |
| 11418572, | Jan 24 2007 | iControl Networks, Inc. | Methods and systems for improved system performance |
| 11423756, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 11424980, | Mar 16 2005 | iControl Networks, Inc. | Forming a security network including integrated security system components |
| 11449012, | Mar 16 2004 | iControl Networks, Inc. | Premises management networking |
| 11451409, | Mar 16 2005 | iControl Networks, Inc. | Security network integrating security system and network devices |
| 11489812, | Mar 16 2004 | iControl Networks, Inc. | Forming a security network including integrated security system components and network devices |
| 11496568, | Mar 16 2005 | iControl Networks, Inc. | Security system with networked touchscreen |
| 11537186, | Mar 16 2004 | iControl Networks, Inc. | Integrated security system with parallel processing architecture |
| 11553399, | Apr 30 2009 | iControl Networks, Inc. | Custom content for premises management |
| 11582065, | Jun 12 2007 | ICONTROL NETWORKS, INC | Systems and methods for device communication |
| 11588787, | Mar 16 2004 | iControl Networks, Inc. | Premises management configuration and control |
| 11595364, | Mar 16 2005 | iControl Networks, Inc. | System for data routing in networks |
| 11601397, | Mar 16 2004 | iControl Networks, Inc. | Premises management configuration and control |
| 11601810, | Jun 12 2007 | ICONTROL NETWORKS, INC | Communication protocols in integrated systems |
| 11601865, | Apr 30 2009 | iControl Networks, Inc. | Server-based notification of alarm event subsequent to communication failure with armed security system |
| 11611568, | Jan 24 2008 | iControl Networks, Inc. | Communication protocols over internet protocol (IP) networks |
| 11615697, | Mar 16 2005 | iControl Networks, Inc. | Premise management systems and methods |
| 11616659, | Aug 11 2008 | iControl Networks, Inc. | Integrated cloud system for premises automation |
| 11625008, | Mar 16 2004 | iControl Networks, Inc. | Premises management networking |
| 11625161, | Jun 12 2007 | iControl Networks, Inc. | Control system user interface |
| 11626006, | Mar 16 2004 | iControl Networks, Inc. | Management of a security system at a premises |
| 11632308, | Jun 12 2007 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11641391, | Aug 11 2008 | iControl Networks Inc. | Integrated cloud system with lightweight gateway for premises automation |
| 11646907, | Jun 12 2007 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11656667, | Mar 16 2004 | iControl Networks, Inc. | Integrated security system with parallel processing architecture |
| 11663902, | Apr 23 2007 | iControl Networks, Inc. | Method and system for providing alternate network access |
| 11665617, | Apr 30 2009 | iControl Networks, Inc. | Server-based notification of alarm event subsequent to communication failure with armed security system |
| 11677577, | Mar 16 2004 | iControl Networks, Inc. | Premises system management using status signal |
| 11700142, | Mar 16 2005 | iControl Networks, Inc. | Security network integrating security system and network devices |
| 11706045, | Mar 16 2005 | iControl Networks, Inc. | Modular electronic display platform |
| 11706279, | Jan 24 2007 | iControl Networks, Inc. | Methods and systems for data communication |
| 11711234, | Aug 11 2008 | iControl Networks, Inc. | Integrated cloud system for premises automation |
| 11722896, | Jun 12 2007 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11729255, | Aug 11 2008 | iControl Networks, Inc. | Integrated cloud system with lightweight gateway for premises automation |
| 11750414, | Dec 16 2010 | ICONTROL NETWORKS, INC | Bidirectional security sensor communication for a premises security system |
| 11757834, | Mar 16 2004 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11758026, | Aug 11 2008 | iControl Networks, Inc. | Virtual device systems and methods |
| 11778534, | Apr 30 2009 | iControl Networks, Inc. | Hardware configurable security, monitoring and automation controller having modular communication protocol interfaces |
| 11782394, | Mar 16 2004 | iControl Networks, Inc. | Automation system with mobile interface |
| 11792036, | Aug 11 2008 | iControl Networks, Inc. | Mobile premises automation platform |
| 11792330, | Mar 16 2005 | iControl Networks, Inc. | Communication and automation in a premises management system |
| 11809174, | Feb 28 2007 | iControl Networks, Inc. | Method and system for managing communication connectivity |
| 11810445, | Mar 16 2004 | iControl Networks, Inc. | Cross-client sensor user interface in an integrated security network |
| 11811845, | Mar 16 2004 | iControl Networks, Inc. | Communication protocols over internet protocol (IP) networks |
| 11815969, | Aug 10 2007 | iControl Networks, Inc. | Integrated security system with parallel processing architecture |
| 11816323, | Jun 25 2008 | iControl Networks, Inc. | Automation system user interface |
| 11824675, | Mar 16 2005 | iControl Networks, Inc. | Networked touchscreen with integrated interfaces |
| 11831462, | Aug 24 2007 | iControl Networks, Inc. | Controlling data routing in premises management systems |
| 11856502, | Apr 30 2009 | ICONTROL NETWORKS, INC | Method, system and apparatus for automated inventory reporting of security, monitoring and automation hardware and software at customer premises |
| 11893874, | Mar 16 2004 | iControl Networks, Inc. | Networked touchscreen with integrated interfaces |
| 11894986, | Jun 12 2007 | iControl Networks, Inc. | Communication protocols in integrated systems |
| 11900790, | Sep 28 2010 | iControl Networks, Inc. | Method, system and apparatus for automated reporting of account and sensor zone information to a central station |
| 11916870, | Mar 16 2004 | iControl Networks, Inc. | Gateway registry methods and systems |
| 11916928, | Jan 24 2008 | iControl Networks, Inc. | Communication protocols over internet protocol (IP) networks |
| 6006272, | Feb 23 1998 | WSOU Investments, LLC | Method for network address translation |
| 6026441, | Dec 16 1997 | Open Invention Network, LLC | Method for establishing communication on the internet with a client having a dynamically assigned IP address |
| 6038233, | Jul 04 1996 | Hitachi, Ltd. | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 6055236, | Mar 05 1998 | Hewlett Packard Enterprise Development LP | Method and system for locating network services with distributed network address translation |
| 6058431, | Apr 23 1998 | ASCEND COMMUNICATIONS, INC | System and method for network address translation as an external service in the access server of a service provider |
| 6061349, | Nov 03 1995 | Cisco Technology, Inc | System and method for implementing multiple IP addresses on multiple ports |
| 6075783, | Mar 06 1997 | Verizon Patent and Licensing Inc | Internet phone to PSTN cellular/PCS system |
| 6098172, | Sep 12 1997 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Methods and apparatus for a computer network firewall with proxy reflection |
| 6108583, | Oct 28 1997 | Georgia Tech Research Corporation | Adaptive data security system and method |
| 6111883, | Jul 12 1996 | Hitachi, LTD | Repeater and network system utilizing the same |
| 6125113, | Apr 18 1996 | Verizon Patent and Licensing Inc | Internet telephone service |
| 6128298, | Apr 26 1996 | RPX CLEARINGHOUSE LLC | Internet protocol filter |
| 6128664, | Oct 20 1997 | Fujitsu Limited | Address-translating connection device |
| 6130892, | Mar 12 1997 | NOMADIX, INC | Nomadic translator or router |
| 6151325, | Mar 31 1997 | Cisco Systems, Inc | Method and apparatus for high-capacity circuit switching with an ATM second stage switch |
| 6151629, | Mar 02 1998 | Hewlett Packard Enterprise Development LP | Triggered remote dial-up for internet access |
| 6185204, | Mar 06 1997 | Verizon Patent and Licensing Inc | Internet phone to PSTN cellular/PCS system |
| 6212561, | Oct 08 1998 | Cisco Technology, Inc | Forced sequential access to specified domains in a computer network |
| 6222842, | Oct 10 1996 | Hewlett Packard Enterprise Development LP | System providing for multiple virtual circuits between two network entities |
| 6243379, | Apr 04 1997 | Ramp Networks, Inc.; RAMP NETWORKS, INC | Connection and packet level multiplexing between network links |
| 6247062, | Feb 01 1999 | Cisco Technology, Inc. | Method and apparatus for routing responses for protocol with no station address to multiple hosts |
| 6252878, | Oct 30 1997 | ITT Manufacturing Enterprises, Inc | Switched architecture access server |
| 6253247, | Nov 21 1996 | FATPIPE NETWORKS PRIVATE LIMITED | System and method for transmitting a user's data packets concurrently over different telephone lines between two computer networks |
| 6269096, | Aug 14 1998 | Cisco Technology, Inc | Receive and transmit blocks for asynchronous transfer mode (ATM) cell delineation |
| 6269099, | Jul 01 1998 | Hewlett Packard Enterprise Development LP | Protocol and method for peer network device discovery |
| 6282546, | Jun 30 1998 | Cisco Technology, Inc | System and method for real-time insertion of data into a multi-dimensional database for network intrusion detection and vulnerability assessment |
| 6301668, | Dec 29 1998 | Cisco Technology, Inc | Method and system for adaptive network security using network vulnerability assessment |
| 6324585, | Nov 19 1998 | Cisco Technology, Inc | Method and apparatus for domain name service request resolution |
| 6324656, | Jun 30 1998 | Cisco Technology, Inc | System and method for rules-driven multi-phase network vulnerability assessment |
| 6336141, | Jan 08 1997 | Hitachi, Ltd. | Method of collectively managing dispersive log, network system and relay computer for use in the same |
| 6337861, | Feb 02 1999 | Cisco Technology, Inc. | Method and apparatus to properly route ICMP messages in a tag-switching network |
| 6349357, | Mar 04 1999 | Oracle America, Inc | Storage architecture providing scalable performance through independent control and data transfer paths |
| 6353614, | Mar 05 1998 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and protocol for distributed network address translation |
| 6353891, | Mar 20 2000 | Hewlett Packard Enterprise Development LP | Control channel security for realm specific internet protocol |
| 6370605, | Mar 04 1999 | Oracle America, Inc | Switch based scalable performance storage architecture |
| 6377990, | Jun 15 1998 | GATE WORLDWIDE HOLDINGS LLC | System for providing internet access from locations different from those for which the user's software was configured |
| 6381245, | Sep 04 1998 | Cisco Technology, Inc.; Cisco Technology, Inc | Method and apparatus for generating parity for communication between a physical layer device and an ATM layer device |
| 6381633, | May 09 1997 | ZARBAÑA DIGITAL FUND LLC | System and method for managing multimedia messaging platforms |
| 6381646, | Nov 03 1998 | CISCO TECHNOLGY, INC | Multiple network connections from a single PPP link with partial network address translation |
| 6396833, | Dec 02 1998 | Cisco Technology, Inc | Per user and network routing tables |
| 6397267, | Mar 04 1999 | Oracle America, Inc | Redirected I/O for scalable performance storage architecture |
| 6415321, | Dec 29 1998 | Cisco Systems, Inc; Cisco Technology, Inc | Domain mapping method and system |
| 6418476, | Jun 29 1998 | RPX CLEARINGHOUSE LLC | Method for synchronizing network address translator (NAT) tables using the open shortest path first opaque link state advertisement option protocol |
| 6425003, | Jan 22 1999 | Cisco Technology, Inc | Method and apparatus for DNS resolution |
| 6427170, | Dec 08 1998 | Cisco Technology, Inc | Integrated IP address management |
| 6430623, | Jan 29 1998 | HANGER SOLUTIONS, LLC | Domain name routing |
| 6442616, | Jan 16 1997 | Kabushiki Kaisha Toshiba | Method and apparatus for communication control of mobil computers in communication network systems using private IP addresses |
| 6449655, | Jan 08 1999 | Cisco Technology, Inc. | Method and apparatus for communication between network devices operating at different frequencies |
| 6453357, | Jan 07 1999 | Cisco Technology, Inc. | Method and system for processing fragments and their out-of-order delivery during address translation |
| 6457061, | Nov 24 1998 | PMC-SIERRA US, INC | Method and apparatus for performing internet network address translation |
| 6467049, | Oct 15 1999 | Cisco Technology, Inc | Method and apparatus for configuration in multi processing engine computer systems |
| 6480508, | May 12 1999 | NETGEAR, Inc; NETGEAR HOLDINGS LIMITED, A LIMITED LIABILITY | Router-based domain name system proxy agent using address translation |
| 6480900, | Jan 06 1998 | Bull, S.A. | Communication method in a set of distributed systems via an internet type network |
| 6484315, | Feb 01 1999 | Cisco Technology, Inc. | Method and system for dynamically distributing updates in a network |
| 6487605, | Jun 30 1998 | Cisco Technology, Inc. | Mobile IP mobility agent standby protocol |
| 6487666, | Jan 15 1999 | Cisco Technology, Inc. | Intrusion detection signature analysis using regular expressions and logical operators |
| 6490289, | Nov 03 1998 | Cisco Technology, Inc | Multiple network connections from a single PPP link with network address translation |
| 6490290, | Dec 30 1998 | Cisco Technology, Inc | Default internet traffic and transparent passthrough |
| 6496505, | Dec 11 1998 | Lucent Technologies, INC | Packet tunneling optimization to wireless devices accessing packet-based wired networks |
| 6496867, | Aug 27 1999 | Hewlett Packard Enterprise Development LP | System and method to negotiate private network addresses for initiating tunneling associations through private and/or public networks |
| 6499107, | Dec 29 1998 | Cisco Systems, Inc; Cisco Technology, Inc | Method and system for adaptive network security using intelligent packet analysis |
| 6502192, | Sep 03 1998 | Cisco Technology, Inc | Security between client and server in a computer network |
| 6510154, | Nov 03 1995 | Cisco Technology, Inc. | Security system for network address translation systems |
| 6512768, | Feb 26 1999 | Cisco Technology, Inc. | Discovery and tag space identifiers in a tag distribution protocol (TDP) |
| 6523068, | Aug 27 1999 | Hewlett Packard Enterprise Development LP | Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association |
| 6529937, | Jan 29 1999 | International Business Machines Corporation | System and method for communicating client IP addresses to server applications |
| 6535511, | Jan 07 1999 | Cisco Technology, Inc. | Method and system for identifying embedded addressing information in a packet for translation between disparate addressing systems |
| 6535520, | Aug 14 1998 | Cisco Technology, Inc | System and method of operation for managing data communication between physical layer devices and ATM layer devices |
| 6549972, | Nov 22 1999 | International Business Machines Corporation | Method and system for providing control accesses between a device on a non-proprietary bus and a device on a proprietary bus |
| 6563824, | Apr 20 1999 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Apparatus and methods for determining the correct workstation within a LAN for a LAN modem to route a packet |
| 6567405, | Mar 05 1998 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and protocol for distributed network address translation |
| 6567917, | Feb 01 1999 | Cisco Technology, Inc. | Method and system for providing tamper-resistant executable software |
| 6578147, | Jan 15 1999 | Cisco Technology, Inc. | Parallel intrusion detection sensors with load balancing for high speed networks |
| 6580717, | Jul 02 1997 | Hitachi, LTD | Packet communication method and apparatus and a recording medium storing a packet communication program |
| 6580951, | Jun 13 2001 | Ultrak, Inc. | Communications distribution apparatus and method |
| 6584509, | Jun 23 1998 | Intel Corporation | Recognizing audio and video streams over PPP links in the absence of an announcement protocol |
| 6597957, | Dec 20 1999 | Cisco Technology, Inc. | System and method for consolidating and sorting event data |
| 6604155, | Nov 09 1999 | Oracle America, Inc | Storage architecture employing a transfer node to achieve scalable performance |
| 6609205, | Mar 18 1999 | Cisco Technology, Inc | Network intrusion detection signature analysis using decision graphs |
| 6614788, | Mar 03 1998 | Oracle America, Inc | Network address management |
| 6615357, | Jan 29 1999 | International Business Machines Corporation | System and method for network address translation integration with IP security |
| 6625145, | Dec 30 1998 | Telefonaktiebolaget LM Ericsson | Use of lower IP-address bits |
| 6636499, | Dec 02 1999 | Cisco Technology, Inc | Apparatus and method for cluster network device discovery |
| 6661799, | Sep 13 2000 | Alcatel USA Sourcing, Inc | Method and apparatus for facilitating peer-to-peer application communication |
| 6667974, | May 26 1999 | Oki Electric Industry Co., Ltd. | Packet repeater machine and packet relay method |
| 6690411, | Jul 20 1999 | Comcast Cable Communications, LLC | Security system |
| 6690669, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 6697354, | Mar 05 1998 | Hewlett Packard Enterprise Development LP | Method and system for distributed network address translation for mobile network devices |
| 6700872, | Dec 11 1998 | Cisco Technology, Inc. | Method and system for testing a utopia network element |
| 6708219, | Oct 26 1999 | Hewlett Packard Enterprise Development LP | Method and system for dual-network address utilization |
| 6721314, | May 20 1999 | WSOU Investments, LLC | Method and apparatus for applying once-only processing in a data network |
| 6721317, | Mar 04 1999 | Sun Microsystems, Inc. | Switch-based scalable performance computer memory architecture |
| 6724724, | Jan 21 1999 | Cisco Technology, Inc. | System and method for resolving an electronic address |
| 6725264, | Feb 17 2000 | Cisco Technology, Inc | Apparatus and method for redirection of network management messages in a cluster of network devices |
| 6731642, | May 03 1999 | UNILOC 2017 LLC | Internet telephony using network address translation |
| 6738382, | Feb 24 1999 | GUEST TEK INTERACTIVE ENTERTAINMENT LTD | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 6742126, | Oct 07 1999 | Cisco Technology, Inc | Method and apparatus for identifying a data communications session |
| 6745243, | Jun 30 1998 | INTERNATIONAL LICENSE EXCHANGE OF AMERICA, LLC | Method and apparatus for network caching and load balancing |
| 6751233, | Jan 08 1999 | Cisco Technology, Inc. | UTOPIA 2--UTOPIA 3 translator |
| 6751728, | Jun 16 1999 | Microsoft Technology Licensing, LLC | System and method of transmitting encrypted packets through a network access point |
| 6754212, | Jul 12 1996 | Hitachi, Ltd. | Repeater and network system utililzing the same |
| 6768743, | Oct 26 1999 | Hewlett Packard Enterprise Development LP | Method and system for address server redirection for multiple address networks |
| 6772227, | Jan 29 1998 | HANGER SOLUTIONS, LLC | Communicating between address spaces |
| 6775657, | Dec 22 1999 | Cisco Technology, Inc.; Cisco Technology, Inc | Multilayered intrusion detection system and method |
| 6785821, | Jan 08 1999 | Cisco Technology, Inc. | Intrusion detection system and method having dynamically loaded signatures |
| 6792546, | Jan 15 1999 | Cisco Technology, Inc. | Intrusion detection signature analysis using regular expressions and logical operators |
| 6795816, | May 31 2000 | Alcatel | Method and device for translating telecommunication network IP addresses by a leaky-controlled memory |
| 6795852, | Sep 11 1995 | GATE WORLDWIDE HOLDINGS LLC | Automatic network connection |
| 6795917, | Dec 31 1997 | Tectia Oyj | Method for packet authentication in the presence of network address translations and protocol conversions |
| 6804247, | Oct 10 1996 | Hewlett Packard Enterprise Development LP | System providing for multiple virtual circuits between two network entities |
| 6816973, | Dec 29 1998 | Cisco Technology, Inc. | Method and system for adaptive network security using intelligent packet analysis |
| 6822957, | Mar 05 1998 | Hewlett Packard Enterprise Development LP | Distributed network address translation for a network telephony system |
| 6829239, | Apr 20 1999 | Hewlett Packard Enterprise Development LP | Apparatus and methods for determining the correct workstation within a LAN for a LAN modem to route a packet |
| 6831917, | May 10 2000 | Cisco Technology, Inc. | Network address translation for multicast virtual sourcing |
| 6832322, | Jan 29 1999 | International Business Machines Corporation | System and method for network address translation integration with IP security |
| 6839829, | Jan 18 2000 | Cisco Technology, Inc. | Routing protocol based redundancy design for shared-access networks |
| 6845097, | Nov 21 2001 | FCO V CLO TRANSFEROR LLC | Device, system, method and computer readable medium for pairing of devices in a short distance wireless network |
| 6856591, | Dec 15 2000 | Cisco Technology, Inc | Method and system for high reliability cluster management |
| 6857009, | Oct 22 1999 | GATE WORLDWIDE HOLDINGS LLC | System and method for network access without reconfiguration |
| 6865426, | Oct 28 1997 | Georgia Tech Research Corporation | Adaptive data security systems and methods |
| 6880087, | Oct 08 1999 | Cisco Technology, Inc.; Cisco Technology, Inc | Binary state machine system and method for REGEX processing of a data stream in an intrusion detection system |
| 6885667, | Dec 26 2000 | Cisco Technology, Inc. | Redirection to a virtual router |
| 6909878, | Aug 20 2002 | IXI MOBILE ISRAEL LTD | Method, system and computer readable medium for providing an output signal having a theme to a device in a short distance wireless network |
| 6910133, | Apr 11 2000 | Cisco Technology, Inc | Reflected interrupt for hardware-based encryption |
| 6912219, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4 converting apparatus |
| 6912592, | Jan 05 2001 | ARISTA NETWORKS, INC | Method and system of aggregate multiple VLANs in a metropolitan area network |
| 6914905, | Jun 16 2000 | ARISTA NETWORKS, INC | Method and system for VLAN aggregation |
| 6917626, | Nov 30 1999 | Cisco Technology, Inc | Apparatus and method for automatic cluster network device address assignment |
| 6918044, | Oct 15 1999 | Cisco Technology, Inc | Password protection for high reliability computer systems |
| 6920136, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 6920137, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 6920138, | Nov 01 1996 | Alaxala Networks Corporation | Communication method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 6928077, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 6930599, | Jul 20 1999 | Comcast Cable Communications, LLC | Security system |
| 6934754, | Apr 03 2000 | GUEST TEK INTERACTIVE ENTERTAINMENT LTD | Methods and apparatus for processing network data transmissions |
| 6941467, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for adaptive message interrogation through multiple queues |
| 6944672, | Jan 07 1999 | Cisco Technology, Inc. | Method and system for processing fragments and their out-of-order delivery during address translation |
| 6948074, | Mar 09 2000 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and system for distributed generation of unique random numbers for digital tokens |
| 6950436, | Dec 29 1995 | Hitachi, Ltd. | Network data communication system |
| 6954775, | Jan 15 1999 | Cisco Technology, Inc. | Parallel intrusion detection sensors with load balancing for high speed networks |
| 6957045, | Oct 26 2001 | IXI MOBILE ISRAEL LTD | Device, system, computer readable medium and method for providing status information of devices in a short distance wireless network |
| 6957346, | Jun 15 1999 | SSH Communications Security OYJ | Method and arrangement for providing security through network address translations using tunneling and compensations |
| 6961783, | Dec 21 2001 | JPMORGAN CHASE BANK, N A ; MORGAN STANLEY SENIOR FUNDING, INC | DNS server access control system and method |
| 6965946, | Jan 17 1996 | Kabushiki Kaisha Toshiba | Method and apparatus for communication control of mobile computers in communication network systems using private IP addresses |
| 6968377, | Dec 29 1998 | Cisco Technology, Inc. | Method and system for mapping a network for system security |
| 6981038, | Jan 23 2001 | International Business Machines Corporation | Methods, systems and computer program products for determining simple network management protocol (SNMP) object identifiers in a management information base (MIB) file |
| 6981278, | Sep 05 2000 | International Business Machines Corporation | System and method for secure dual channel communication through a firewall |
| 6982978, | Dec 02 1998 | Cisco Technology, Inc. | Per user and network routing tables |
| 6983319, | Apr 06 2001 | CA, INC | Dynamic port management |
| 6985485, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 6990481, | Feb 25 2000 | Intellectual Ventures I LLC | System and method for content management over network storage devices |
| 6996073, | Feb 24 1999 | GUEST TEK INTERACTIVE ENTERTAINMENT LTD | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 6996621, | Dec 07 1999 | VALTRUS INNOVATIONS LIMITED | Method for supporting secondary address delivery on remote access servers |
| 7006431, | Jun 29 1999 | Cisco Technology, Inc. | Load sharing and redundancy scheme |
| 7006436, | Nov 13 2001 | AT&T Corp. | Method for providing voice-over-IP service |
| 7006520, | Aug 14 1998 | Cisco Technology, Inc. | System and method of operation for managing data communication between physical layer devices and ATM layer devices |
| 7010574, | May 09 1997 | ZARBAÑA DIGITAL FUND LLC | System and method for managing multimedia messaging platforms |
| 7013112, | Dec 18 2001 | FCO V CLO TRANSFEROR LLC | Method, system and computer readable medium for making a business decision in response to information from a short distance wireless network |
| 7015806, | Jul 20 1999 | Comcast Cable Communications, LLC | Distributed monitoring for a video security system |
| 7016334, | Aug 17 2001 | FCO V CLO TRANSFEROR LLC | Device, system, method and computer readable medium for fast recovery of IP address change |
| 7016648, | Dec 18 2001 | FCO V CLO TRANSFEROR LLC | Method, system and computer readable medium for downloading a software component to a device in a short distance wireless network |
| 7020140, | Aug 14 1998 | Cisco Technology, Inc. | Receive and transmit blocks for asynchronous transfer mode (ATM) cell delineation |
| 7028100, | Jul 12 2000 | The Distribution Systems Research Institute | Integrated information communication system for detecting and discarding external data packets that violate addressing rules |
| 7028335, | Mar 05 1998 | Hewlett Packard Enterprise Development LP | Method and system for controlling attacks on distributed network address translation enabled networks |
| 7032242, | Mar 05 1998 | Hewlett Packard Enterprise Development LP | Method and system for distributed network address translation with network security features |
| 7036141, | Sep 11 1998 | Teliasonera AB | Transmission system, a method and an apparatus providing access for IP data packets to a firewall protected network |
| 7039033, | May 07 2001 | FCO V CLO TRANSFEROR LLC | System, device and computer readable medium for providing a managed wireless network using short-range radio signals |
| 7039721, | Jan 26 2001 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | System and method for protecting internet protocol addresses |
| 7042876, | Sep 12 2000 | Cisco Technology, Inc. | Stateful network address translation protocol implemented over a data network |
| 7043553, | Oct 07 1999 | Cisco Technology, Inc | Method and apparatus for securing information access |
| 7047561, | Sep 28 2000 | Genband US LLC; SILICON VALLEY BANK, AS ADMINISTRATIVE AGENT | Firewall for real-time internet applications |
| 7051116, | Jun 21 2001 | UNWIRED BROADBAND, INC | Client device identification when communicating through a network address translator device |
| 7054944, | Dec 19 2001 | Intel Corporation | Access control management system utilizing network and application layer access control lists |
| 7058007, | Jan 18 2000 | Cisco Technology, Inc. | Method for a cable modem to rapidly switch to a backup CMTS |
| 7058714, | Aug 29 2000 | Alcatel | Special gateway for multimedia networks |
| 7065047, | Oct 22 2001 | Smith Micro Software, Inc | System and method of providing computer networking |
| 7072339, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 7072981, | Dec 21 2000 | Cisco Technology, Inc. | Preallocation of client network address translation addresses for client-server networks |
| 7085267, | Apr 27 2001 | International Business Machines Corporation | Methods, systems and computer program products for translating internet protocol (IP) addresses located in a payload of a packet |
| 7088726, | Jul 04 1996 | Hitachi, Ltd. | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 7088727, | Mar 12 1997 | GATE WORLDWIDE HOLDINGS LLC | System and method for establishing network connection with unknown network and/or user device |
| 7089328, | Dec 29 2000 | Cisco Technology, Inc. | Method allocation scheme for maintaining server load balancers services in a high throughput environment |
| 7089590, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for adaptive message interrogation through multiple queues |
| 7092399, | Oct 16 2001 | Cisco Technology, Inc. | Redirecting multiple requests received over a connection to multiple servers and merging the responses over the connection |
| 7092712, | Dec 27 1996 | AT&T MOBILITY II LLC | Method and apparatus for alerting a station in one network of a requested communication from a second network |
| 7096498, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for message threat management |
| 7103152, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 7107614, | Jan 29 1999 | TREND MICRO INCORPORATED | System and method for network address translation integration with IP security |
| 7110390, | Apr 20 1999 | Verizon Patent and Licensing Inc | Communication controller for providing multiple access using a single telephone line |
| 7113508, | Nov 03 1995 | Cisco Technology, Inc. | Security system for network address translation systems |
| 7119609, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 7120232, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 7120233, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 7124438, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for anomaly detection in patterns of monitored communications |
| 7130383, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 7136383, | Dec 26 2000 | Cisco Technology, Inc. | Redirection to a virtual router |
| 7139828, | Aug 30 2002 | F POSZAT HU, L L C | Accessing an entity inside a private network |
| 7139841, | Jul 24 2002 | Cisco Technology, Inc. | Method and apparatus for handling embedded address in data sent through multiple network address translation (NAT) devices |
| 7158514, | Jul 21 2000 | Alaxala Networks Corporation | Multicast routing method and apparatus for routing multicast packet |
| 7158526, | Jul 04 1996 | Hitachi, Ltd. | Packet communication method and apparatus and a recording medium storing a packet communication program |
| 7167680, | Feb 05 2003 | IXI MOBILE ISRAEL LTD | Method, system and computer readable medium for adjusting output signals for a plurality of devices in a short distance wireless network responsive to a selected environment |
| 7171492, | Feb 24 2000 | Resource Consortium Limited | Method and application programming interface for assigning multiple network addresses |
| 7174376, | Jun 28 2002 | Cisco Technology, Inc. | IP subnet sharing technique implemented without using bridging or routing protocols |
| 7177908, | May 09 1997 | ZARBAÑA DIGITAL FUND LLC | System and method for managing multimedia messaging platforms |
| 7177947, | Jun 10 2002 | Cisco Technology, Inc. | Method and apparatus for DNS resolution |
| 7191331, | Jun 13 2002 | Nvidia Corporation | Detection of support for security protocol and address translation integration |
| 7193998, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 7203166, | Nov 13 2001 | AT&T Corp. | Method for providing voice-over-IP service |
| 7213260, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for upstream threat pushback |
| 7225466, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for message threat management |
| 7227838, | Dec 14 2001 | Cisco Technology, Inc. | Enhanced internal router redundancy |
| 7227863, | Nov 09 2001 | Cisco Technology, Inc. | Methods and apparatus for implementing home agent redundancy |
| 7227872, | Jun 28 2002 | Cisco Technology, Inc. | Mechanisms for providing stateful NAT support in redundant and asymetric routing environments |
| 7240368, | Apr 14 1999 | Raytheon BBN Technologies Corp | Intrusion and misuse deterrence system employing a virtual network |
| 7243141, | May 13 2002 | Sony Interactive Entertainment LLC | Network configuration evaluation |
| 7248591, | Jul 04 1996 | Alaxala Networks Corporation | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 7251247, | Jul 04 1996 | Alaxala Networks Corporation | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 7260599, | Mar 07 2003 | HYPERSPACE COMMUNICATIONS, INC | Supporting the exchange of data by distributed applications |
| 7266604, | Mar 31 2000 | Microsoft Technology Licensing, LLC | Proxy network address translation |
| 7280557, | Jun 28 2002 | Cisco Technology, Inc. | Mechanisms for providing stateful NAT support in redundant and asymetric routing environments |
| 7283540, | Jul 04 1996 | Alaxala Networks Corporation | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 7286529, | Feb 26 1999 | Cisco Technology, Inc. | Discovery and tag space identifiers in a tag distribution protocol (TDP) |
| 7295532, | Aug 17 2001 | FCO V CLO TRANSFEROR LLC | System, device and computer readable medium for providing networking services on a mobile device |
| 7301952, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 7308579, | Mar 15 2002 | Method and system for internationally providing trusted universal identification over a global communications network | |
| 7334049, | Dec 21 2001 | Cisco Technology, Inc.; Cisco Technology, Inc | Apparatus and methods for performing network address translation (NAT) in a fully connected mesh with NAT virtual interface (NVI) |
| 7337219, | May 30 2003 | CALLAHAN CELLULAR L L C | Classifying devices using a local proxy server |
| 7353511, | Feb 01 1999 | Cisco Technology, Inc. | Method and system for dynamically distributing updates in a network |
| 7356571, | Oct 07 2002 | IXI MOBILE ISRAEL LTD | System, method and processor readable medium for downloading information within a predetermined period of time to a device in a network responsive to price selection |
| 7362747, | Aug 08 2000 | France Telecom | Translation of identifiers of user installation terminal in a packet network |
| 7366901, | Aug 01 2003 | IXI MOBILE ISRAEL LTD | Device, system, method and computer readable medium for identifying and authenticating a cellular device using a short-range radio address |
| 7369648, | Jul 06 2000 | RPX Corporation | Apparatus and method for PBX-integrated unified messaging services on a switched backbone |
| 7383339, | Jul 31 2002 | GOOGLE LLC | Local proxy server for establishing device controls |
| 7385989, | Jul 04 1996 | Alaxala Networks Corporation | Packet communication method and apparatus and a recording medium storing a packet communication program |
| 7401354, | Jan 29 1999 | International Business Machines Corporation | System and method for network address translation integration with IP Security |
| 7403520, | Jul 21 2000 | Alaxala Networks Corporation | Multicast routing method and apparatus for routing multicast packet |
| 7403522, | Jul 21 2000 | Alaxala Networks Corporation | Multicast routing method and apparatus for routing multicast packet |
| 7404206, | Jul 17 2001 | EMC IP HOLDING COMPANY LLC | Network security devices and methods |
| 7406709, | Sep 09 2002 | AUDIOCODES, INC | Apparatus and method for allowing peer-to-peer network traffic across enterprise firewalls |
| 7409045, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 7412722, | Aug 08 2002 | PALO ALTO NETWORKS, INC | Detection of softswitch attacks |
| 7415521, | Mar 31 2004 | International Business Machines Corporation | Method for controlling client access |
| 7420932, | Dec 30 1998 | Cisco Technology, Inc. | Default internet traffic and transparent passthrough |
| 7421736, | Jul 02 2002 | Lucent Technologies Inc. | Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network |
| 7426208, | Aug 30 2001 | UNIFY GMBH & CO KG | Pre-processing of NAT addresses |
| 7437457, | Sep 08 2003 | GOOGLE LLC | Regulating concurrent logins associated with a single account |
| 7440456, | Jun 08 2001 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control system for IP full service |
| 7443859, | Dec 18 2001 | WSOU Investments, LLC | Method and apparatus for address allocation in GPRS networks that facilitates end-to-end security |
| 7443865, | Apr 04 2002 | Cisco Technology, Inc. | Multiple network connections from a single PPP link with network address translation |
| 7447804, | Mar 20 2000 | Samsung Electronics Co., Ltd. | System and method for multi-telecommunication over local IP network |
| 7450505, | Jun 01 2001 | Fujitsu Limited | System and method for topology constrained routing policy provisioning |
| 7450560, | Mar 05 1998 | Hewlett Packard Enterprise Development LP | Method for address mapping in a network access system and a network access device for use therewith |
| 7458098, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for enhancing electronic communication security |
| 7480938, | Sep 05 2000 | International Business Machines Corporation | System and method for secure dual channel communication through a firewall |
| 7483417, | Apr 18 1996 | Verizon Patent and Licensing Inc | Telephony communication via varied redundant networks |
| 7484005, | Jun 21 2001 | UNWIRED BROADBAND, INC | Client device identification when communicating through a network address translator device |
| 7486660, | Mar 19 1997 | Verizon Services Corp. | Transport of caller identification information through diverse communication networks |
| 7505471, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 7509435, | Mar 12 2001 | International Business Machines Corporation | Network Address Translation and Port Mapping |
| 7516242, | Jul 12 2000 | The Distribution Systems Research Institute | Integrated information communication system using conversion table to convert an external packet into an internal packet by embedding a header |
| 7519994, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for adaptive message interrogation through multiple queues |
| 7522594, | Aug 19 2003 | ANYCONNECT PRIVATE LIMITED | Method and apparatus to permit data transmission to traverse firewalls |
| 7539194, | Dec 02 1998 | Cisco Technology, Inc. | Per user and network routing tables |
| 7545820, | Nov 30 1999 | Cisco Technology, Inc. | Apparatus and method for automatic cluster network device address assignment |
| 7551590, | May 07 2001 | FCO V CLO TRANSFEROR LLC | Wireless device having a single processor in a short-range radio network |
| 7554959, | Dec 02 1999 | Cisco Technology, Inc. | Apparatus and method for cluster network device discovery |
| 7554995, | Mar 12 1997 | GATE WORLDWIDE HOLDINGS LLC | System and method for establishing network connection with unknown network and/or user device |
| 7573873, | May 03 1999 | UNILOC 2017 LLC | Internet telephony using network address translation |
| 7577725, | Feb 25 2000 | Cisco Systems, Inc | IP address allocation in a network environment |
| 7577734, | Jul 30 2001 | Canon Kabushiki Kaisha | Load text execution apparatus, load test execution system, method thereof and program thereof |
| 7580376, | Feb 24 1999 | GUEST TEK INTERACTIVE ENTERTAINMENT LTD | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 7583668, | Nov 03 1995 | Cisco Technology, Inc. | Security system for network address translation systems |
| 7593346, | Jul 31 2003 | Cisco Technology, Inc. | Distributing and balancing traffic flow in a virtual gateway |
| 7602784, | Feb 20 2001 | ANYCONNECT PRIVATE LIMITED | Method and apparatus to permit data transmission to traverse firewalls |
| 7653077, | Jul 04 1996 | Hitachi, Ltd. | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 7656788, | Dec 15 2000 | Cisco Technology, Inc. | High-reliability cluster management |
| 7660909, | Dec 21 2000 | Cisco Technology, Inc. | Preallocation of client network address translation addresses for client-server networks |
| 7664097, | Jun 26 1996 | Verizon Patent and Licensing Inc | Telephone service via networking |
| 7676579, | May 13 2002 | Sony Interactive Entertainment LLC | Peer to peer network communication |
| 7688821, | Nov 21 2006 | IYUKO SERVICES L L C | Method and apparatus for distributing data packets by using multi-network address translation |
| 7689716, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing dynamic network authorization, authentication and accounting |
| 7693048, | Dec 14 2001 | Cisco Technology, Inc. | Enhanced internal router redundancy |
| 7693947, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for graphically displaying messaging traffic |
| 7694128, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for secure communication delivery |
| 7701952, | Jul 04 1996 | Hitachi, Ltd. | Packet communication method and apparatus and a recording medium storing a packet communication program |
| 7706278, | Jan 24 2007 | Cisco Technology, Inc. | Triggering flow analysis at intermediary devices |
| 7729267, | Nov 26 2003 | Cisco Technology, Inc.; Cisco Technology, Inc | Method and apparatus for analyzing a media path in a packet switched network |
| 7730190, | Nov 03 1995 | Cisco Technology, Inc. | System for distributing load over multiple servers at an internet site |
| 7733882, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 7738383, | Dec 21 2006 | Cisco Technology, Inc.; Cisco Technology, Inc | Traceroute using address request messages |
| 7746863, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 7752334, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Intelligent network address translator and methods for network address translation |
| 7779156, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Reputation based load balancing |
| 7779466, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for anomaly detection in patterns of monitored communications |
| 7782883, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 7788345, | Jun 04 2001 | Cisco Technology, Inc. | Resource allocation and reclamation for on-demand address pools |
| 7788385, | Mar 31 2004 | International Business Machines Corporation | System and article of manufacture for controlling client access |
| 7792058, | Jun 16 2000 | ARISTA NETWORKS, INC | Method and system for VLAN aggregation |
| 7797433, | Jun 30 2000 | Net2Phone | System, method, and computer program product for resolving addressing in a network including a network address translator |
| 7813274, | Dec 30 2004 | CA, INC | Dynamic demultiplexing of network traffic |
| 7813332, | Mar 19 1997 | Verizon Patent and Licensing Inc | Voice call alternative routing through PSTN and internet networks |
| 7814230, | Jun 21 2001 | UNWIRED BROADBAND, INC | Client device identification when communicating through a network address translator device |
| 7817619, | Dec 18 1996 | Verizon Patent and Licensing Inc | Internet long distance telephone service |
| 7822873, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Intelligent network address translator and methods for network address translation |
| 7830860, | Mar 11 1997 | Verizon Patent and Licensing Inc | Packet data network voice call quality monitoring |
| 7836296, | Mar 18 1998 | Cisco Technology, Inc. | Method for blocking denial of service and address spoofing attacks on a private network |
| 7840988, | May 07 2004 | Cisco Technology, Inc. | Front-end structure for access network line card |
| 7849504, | Jul 17 2001 | EMC IP HOLDING COMPANY LLC | Network security devices and methods |
| 7856506, | Mar 05 2008 | SONY INTERACTIVE ENTERTAINMENT INC | Traversal of symmetric network address translator for multiple simultaneous connections |
| 7860094, | Jul 21 2000 | Alaxala Networks Corporation | Multicast routing method and apparatus for routing multicast packet |
| 7864780, | Apr 29 2003 | Cisco Technology, Inc. | Apparatus and methods for handling name resolution over IPV6 using NAT-PT and DNS-ALG |
| 7870203, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Methods and systems for exposing messaging reputation to an end user |
| 7881208, | Jun 18 2001 | Cisco Technology, Inc. | Gateway load balancing protocol |
| 7894427, | Jan 09 2006 | Cisco Technology, Inc. | Stateful network address translation protocol implemented over a data network |
| 7895312, | Jun 28 2002 | Cisco Technology, Inc. | IP subnet sharing technique implemented without using bridging or routing protocols |
| 7903549, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Content-based policy compliance systems and methods |
| 7903585, | Feb 15 2006 | Cisco Technology, Inc. | Topology discovery of a private network |
| 7908481, | Dec 17 1999 | AVAYA LLC | Routing data to one or more entities in a network |
| 7933273, | Jul 27 2007 | SONY INTERACTIVE ENTERTAINMENT INC | Cooperative NAT behavior discovery |
| 7937471, | Jun 03 2002 | F POSZAT HU, L L C | Creating a public identity for an entity on a network |
| 7937480, | Jun 02 2005 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Aggregation of reputation data |
| 7948968, | Sep 16 1997 | Verizon Patent and Licensing Inc | Network session management |
| 7948995, | Apr 05 2001 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 7949716, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Correlation and analysis of entity attributes |
| 7949785, | Mar 31 2003 | Intellectual Ventures I LLC | Secure virtual community network system |
| 7957382, | Jul 24 2002 | Cisco Technology, Inc. | Method and apparatus for handling embedded addresses in data sent through multiple network address translation (NAT) devices |
| 7957405, | Jul 04 1996 | Hitachi, Ltd. | Packet communication method and apparatus and a recording medium storing a packet communication program |
| 7958556, | Apr 14 1999 | Raytheon BBN Technologies Corp | Intrusion and misuse deterrence system employing a virtual network |
| 7965724, | Jul 04 1996 | Hitachi, Ltd. | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 7966409, | Jan 18 2000 | Cisco Technology, Inc. | Routing protocol based redundancy design for shared-access networks |
| 7986660, | Oct 09 2000 | Qualcomm Incorporated | Channel allocation for communication system |
| 7991008, | Jun 26 2008 | Dell Products L P | Method for identifying the transmission control protocol stack of a connection |
| 7995478, | May 30 2007 | SONY INTERACTIVE ENTERTAINMENT INC | Network communication with path MTU size discovery |
| 8014283, | Jun 01 2001 | Fujitsu Limited | System and method for topology constrained QoS provisioning |
| 8015160, | Feb 25 2000 | Intellectual Ventures I LLC | System and method for content management over network storage devices |
| 8015300, | Mar 05 2008 | SONY INTERACTIVE ENTERTAINMENT INC | Traversal of symmetric network address translator for multiple simultaneous connections |
| 8027339, | Mar 12 1997 | GATE WORLDWIDE HOLDINGS LLC | System and method for establishing network connection |
| 8031716, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 8042149, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for message threat management |
| 8042181, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for message threat management |
| 8045458, | Nov 08 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Prioritizing network traffic |
| 8051176, | Nov 07 2002 | VALTRUS INNOVATIONS LIMITED | Method and system for predicting connections in a computer network |
| 8051206, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Intelligent network address translator and methods for network address translation |
| 8059661, | Dec 29 2004 | Cisco Technology, Inc.; Cisco Technology, Inc | Methods and apparatus for using DHCP for home address management of nodes attached to an edge device and for performing mobility and address management as a proxy home agent |
| 8060626, | Sep 22 2008 | Sony Interactive Entertainment LLC | Method for host selection based on discovered NAT type |
| 8064451, | May 10 2000 | Cisco Technology, Inc. | Network address translation for multicast virtual sourcing |
| 8069481, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for message threat management |
| 8072979, | Jun 12 2007 | The Distribution Systems Research Institute | Terminal-to-terminal communication control system for IP full service |
| 8077604, | Jun 29 1999 | Cisco Technology, Inc. | Load sharing and redundancy scheme |
| 8077738, | Dec 30 1998 | Cisco Technology, Inc. | Default internet traffic and transparent passthrough |
| 8090843, | Jun 03 2002 | F POSZAT HU, L L C | Creating a public identity for an entity on a network |
| 8108554, | May 16 2002 | F5 Networks, Inc. | Method and system for automatically mapping secure network address translations |
| 8117298, | Feb 26 1996 | GraphOn Corporation | Multi-homed web server |
| 8121113, | Aug 09 2007 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 8127023, | Mar 31 2004 | International Business Machines Corporation | Method, system and article of manufacture for controlling client access |
| 8127348, | Jun 15 1999 | SSH Communications Security OYJ | Method and arrangement for providing security through network address translations using tunneling and compensations |
| 8132250, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Message profiling systems and methods |
| 8144836, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 8156246, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8160975, | Jan 25 2008 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Granular support vector machine with random granularity |
| 8166549, | Jun 14 2001 | Stragent, LLC | Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses |
| 8171123, | Dec 04 2007 | SONY INTERACTIVE ENTERTAINMENT INC | Network bandwidth detection and distribution |
| 8175096, | Feb 28 2006 | Hitachi, Ltd. | Device for protection against illegal communications and network system thereof |
| 8179798, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Reputation based connection throttling |
| 8185930, | Nov 06 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Adjusting filter or classification control settings |
| 8203946, | Nov 13 2001 | AT&T Intellectual Property II, L.P. | Method for providing voice-over-IP service |
| 8204945, | Jun 19 2000 | Stragent, LLC | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
| 8209371, | Nov 07 2002 | Hewlett Packard Enterprise Development LP | Method and system for managing communication in a computer network using aliases of computer network addresses |
| 8214497, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Multi-dimensional reputation scoring |
| 8224985, | Oct 04 2005 | SONY INTERACTIVE ENTERTAINMENT INC | Peer-to-peer communication traversing symmetric network address translators |
| 8234358, | Aug 30 2002 | F POSZAT HU, L L C | Communicating with an entity inside a private network using an existing connection to initiate communication |
| 8234409, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Intelligent network address translator and methods for network address translation |
| 8239942, | Dec 30 2002 | Cisco Technology, Inc. | Parallel intrusion detection sensors with load balancing for high speed networks |
| 8244886, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8245288, | Jun 15 1999 | SSH Communications Security OYJ | Method and arrangement for providing security through network address translations using tunneling and compensations |
| 8266266, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing dynamic network authorization, authentication and accounting |
| 8266269, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8272060, | Jun 14 2001 | Stragent, LLC | Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses |
| 8285848, | Feb 25 2000 | Cisco Technology, Inc. | IP address allocation in a network environment |
| 8321567, | Jan 19 2001 | Cisco Technology, Inc. | IP pool management utilizing an IP pool MIB |
| 8341296, | May 16 2002 | F5 Networks, Inc. | Method and system for automatically mapping secure network address translations |
| 8346861, | Feb 26 1996 | GraphOn Corporation | Web server with animation player |
| 8346890, | Feb 26 1996 | GraphOn Corporation | Multi-homed web server with compiled animation server |
| 8356073, | Feb 26 1996 | GraphOn Corporation | Multi-homed web server with animation player and programmable functionality |
| 8359368, | Feb 26 1996 | GraphOn Corporation | Multi-homed web server with animation player |
| 8359379, | Apr 30 2008 | NetApp, Inc | Method of implementing IP-based proxy server for ISCSI services |
| 8364754, | Feb 26 1996 | GraphOn Corporation | Multi-homed web server with compiled animation server and programmable functionality |
| 8364806, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8365273, | Jun 15 1999 | SSH Communications Security OYJ | Method and arrangement for providing security through network address translations using tunneling and compensations |
| 8370453, | Feb 26 1996 | GraphOn Corporation | Modular multi-homed web server with compiled animation server |
| 8370476, | Feb 26 1996 | GraphOn Corporation | Modular multi-homed web server with animation player |
| 8370477, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8370524, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for network address translation |
| 8379531, | Jul 17 2000 | Verizon Patent and Licensing Inc | Telephony communication via varied redundant networks |
| 8385342, | May 31 2001 | Fujitsu Limited | System and method of virtual private network route target filtering |
| 8510476, | Feb 15 2001 | BROOKS AUTOMATION HOLDING, LLC; Brooks Automation US, LLC | Secure remote diagnostic customer support network |
| 8520068, | Jul 20 1999 | Comcast Cable Communications, LLC | Video security system |
| 8544079, | Jun 15 1999 | SSH Communications Security OYJ | Method and arrangement for providing security through network address translations using tunneling and compensations |
| 8549611, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for classification of messaging entities |
| 8553677, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal to-terminal communication connection control method using IP transfer network |
| 8553681, | Jun 26 1996 | Verizon Patent and Licensing Inc | Telephone service via packet-switched networking |
| 8559341, | Nov 08 2010 | Cisco Technology, Inc. | System and method for providing a loop free topology in a network environment |
| 8561167, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Web reputation scoring |
| 8565190, | Jul 27 2007 | SONY INTERACTIVE ENTERTAINMENT INC | NAT traversal for mobile network devices |
| 8578051, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Reputation based load balancing |
| 8578480, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for identifying potentially malicious messages |
| 8582599, | Jul 04 1996 | Hitachi, Ltd. | Translator for IP networks, network system using the translator, and IP network coupling method therefor |
| 8589503, | Apr 04 2008 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Prioritizing network traffic |
| 8594107, | Mar 12 1997 | NOMADIX, INC. | System and method for establishing network connection |
| 8594108, | Nov 01 1996 | Hitachi, Ltd. | Communicating method between IPv4 terminal and IPv6 terminal and IPv4-IPv6 converting apparatus |
| 8606910, | Apr 04 2008 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Prioritizing network traffic |
| 8606917, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8613053, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | System and method for authorizing a portable communication device |
| 8621559, | Nov 06 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Adjusting filter or classification control settings |
| 8621638, | May 14 2010 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for classification of messaging entities |
| 8631495, | Mar 08 2002 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Systems and methods for message threat management |
| 8635690, | Nov 05 2004 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Reputation based message processing |
| 8670326, | Mar 31 2011 | Cisco Technology, Inc. | System and method for probing multiple paths in a network environment |
| 8675650, | Sep 12 2000 | Cisco Technology, Inc. | Stateful network address translation protocol implemented over a data network |
| 8713641, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device |
| 8724517, | Jun 02 2011 | Cisco Technology, Inc. | System and method for managing network traffic disruption |
| 8725888, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8725899, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8762537, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Multi-dimensional reputation scoring |
| 8763114, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Detecting image spam |
| 8774010, | Nov 02 2010 | Cisco Technology, Inc. | System and method for providing proactive fault monitoring in a network environment |
| 8787207, | Feb 15 2006 | Cisco Technology, Inc. | Topology discovery of a private network |
| 8788690, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 8806634, | Apr 05 2005 | COMPUTING SERVICES SUPPORT SOLUTIONS, INC | System for finding potential origins of spoofed internet protocol attack traffic |
| 8830875, | Jun 15 2011 | Cisco Technology, Inc. | System and method for providing a loop free topology in a network environment |
| 8832315, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for network address translation |
| 8854195, | Feb 24 1999 | GUEST TEK INTERACTIVE ENTERTAINMENT LTD | Customizing guest room by transmission of control information corresponding to guest preferences to in-room systems via network of hospitality structure |
| 8909726, | Aug 27 2003 | Cisco Technology, Inc. | Priority based anycast routing |
| 8914872, | Jun 15 1999 | SSH Communications Security OYJ | Revealing occurrence of network address translations |
| 8914873, | Jun 15 1999 | SSH Communications Security OYJ | Revealing address information in systems where network address translations occur |
| 8918858, | Jun 15 1999 | SSH Communications Security OYJ | Communications across a network address translator |
| 8930545, | Mar 05 2008 | SONY INTERACTIVE ENTERTAINMENT INC | Traversal of symmetric network address translator for multiple simultaneous connections |
| 8934484, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 8938062, | Dec 11 1995 | Comcast IP Holdings I, LLC | Method for accessing service resource items that are for use in a telecommunications system |
| 8943206, | Dec 04 2007 | SONY INTERACTIVE ENTERTAINMENT INC | Network bandwidth detection and distribution |
| 8948161, | Apr 06 2000 | The Distribution Systems Research Institute | Terminal-to-terminal communication connection control method using IP transfer network |
| 8953749, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 8955095, | Apr 14 1999 | Verizon Corporate Services Group, Inc.; Level 3 Communications LLC; Raytheon BBN Technologies Corp. | Intrusion and misuse deterrence system employing a virtual network |
| 8973126, | Jun 15 1999 | SSH Communications Security OYJ | Determining occurrence of a network address translation |
| 8973127, | Jun 15 1999 | SSH Communications Security OYJ | Communications across a network address translator |
| 8976782, | Sep 16 1997 | Verizon Patent and Licensing Inc | Network session management for telephony over hybrid networks |
| 8982733, | Mar 04 2011 | Cisco Technology, Inc. | System and method for managing topology changes in a network environment |
| 9009321, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Multi-dimensional reputation scoring |
| 9025599, | Feb 24 1999 | Guest Tek Interactive Entertainment Ltd. | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 9042381, | Sep 12 2000 | Cisco Technology, Inc. | Stateful network address translation protocol implemented over a data network |
| 9071578, | Jun 15 1999 | SSH Communications Security OYJ | Maintaining network address translations |
| 9160672, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for controlling user perceived connection speed |
| 9191505, | May 28 2009 | Comcast Cable Communications, LLC | Stateful home phone service |
| 9215254, | Sep 16 1997 | Verizon Patent and Licensing Inc | Network session management for telephony over hybrid networks |
| 9276834, | Jun 29 1999 | Cisco Technology, Inc. | Load sharing and redundancy scheme |
| 9300921, | Jul 20 1999 | Comcast Cable Communications, LLC | Video security systems and methods |
| 9407509, | Nov 09 1998 | SRI International | Network surveillance |
| 9450846, | Oct 17 2012 | Cisco Technology, Inc. | System and method for tracking packets in a network environment |
| 9491136, | Oct 15 2002 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for network address translation |
| 9503419, | Feb 24 1999 | Guest Tek Interactive Entertainment Ltd. | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 9544272, | Jan 24 2007 | JPMORGAN CHASE BANK, N A , AS ADMINISTRATIVE AGENT | Detecting image spam |
| 9548935, | Dec 08 1998 | GATE WORLDWIDE HOLDINGS LLC | Systems and methods for providing content and services on a network system |
| 9600945, | Feb 01 2002 | Comcast Cable Communications, LLC | Lifestyle multimedia security system |
| 9667594, | Jun 15 1999 | SSH Communications Security OYJ | Maintaining network address translations |
| 9705846, | Feb 24 1999 | Guest Tek Interactive Entertainment Ltd. | Methods and apparatus for providing high speed connectivity to a hotel environment |
| 9838323, | Aug 27 2003 | Cisco Technology, Inc. | Priority based anycast routing |
| RE38902, | Apr 23 1998 | Lucent Technologies Inc. | System and method for network address translation as an external service in the access server of a service provider |
| RE41750, | Feb 17 2000 | Cisco Technology, Inc. | Apparatus and method for redirection of network management messages in a cluster of network devices |
| RE42003, | Oct 10 2000 | Ericsson AB | Assisted power-up and hand off system and method |
| RE43057, | Sep 13 2000 | Alcatel Lucent | Method and apparatus for facilitating peer-to-peer application communication |
| RE44593, | Sep 13 2000 | Alcatel Lucent | Method and apparatus for facilitating peer-to-peer application communication |
| RE44661, | Jan 18 2000 | Cisco Technology, Inc. | Method for a cable modem to rapidly switch to a backup CMTS |
| RE47566, | Jul 27 2007 | SONY INTERACTIVE ENTERTAINMENT INC | NAT traversal for mobile network devices |
| Patent | Priority | Assignee | Title |
| 4962532, | Dec 22 1988 | IBM Corporation; INTERNATIONAL BUSINESS MACHINES CORPORATION, A CORP OF NEW YORK | Method for providing notification of classified electronic message delivery restriction |
| 5159592, | Oct 29 1990 | International Business Machines Corporation; INTERNATIONAL BUSINESS MACHINES CORPORATION, A CORP OF NEW YORK | Network address management for a wired network supporting wireless communication to a plurality of mobile users |
| 5287103, | Dec 30 1991 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Method and apparatus for providing local area network clients with internetwork identification data |
| 5371852, | Oct 14 1992 | International Business Machines Corporation | Method and apparatus for making a cluster of computers appear as a single host on a network |
| 5430715, | Sep 15 1993 | Cisco Technology, Inc | Flexible destination address mapping mechanism in a cell switching communication controller |
| 5477531, | Jun 12 1991 | Hewlett-Packard Company; HEWLETT-PACKARD DEVELOPMENT COMPANY, L P ; Agilent Technologies, Inc | Method and apparatus for testing a packet-based network |
| 5513337, | May 25 1994 | Intel Corporation | System for protecting unauthorized memory accesses by comparing base memory address with mask bits and having attribute bits for identifying access operational mode and type |
| 5550984, | Dec 07 1994 | Panasonic Corporation of North America | Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information |
| 5623601, | Nov 21 1994 | RPX Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Nov 03 1995 | Cisco Technology, Inc. | (assignment on the face of the patent) | / | |||
| Jan 19 1996 | MAYES, JOHN C | Cisco Systems, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 007885 | /0604 | |
| Jan 29 1996 | COILE, BRANTLEY W | Cisco Systems, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 007885 | /0604 | |
| Aug 04 1997 | Cisco Systems, Inc | Cisco Technology, Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 008800 | /0585 |
| Date | Maintenance Fee Events |
| Dec 28 2001 | M183: Payment of Maintenance Fee, 4th Year, Large Entity. |
| Dec 23 2005 | ASPN: Payor Number Assigned. |
| Dec 28 2005 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
| Jan 22 2010 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| Date | Maintenance Schedule |
| Aug 11 2001 | 4 years fee payment window open |
| Feb 11 2002 | 6 months grace period start (w surcharge) |
| Aug 11 2002 | patent expiry (for year 4) |
| Aug 11 2004 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Aug 11 2005 | 8 years fee payment window open |
| Feb 11 2006 | 6 months grace period start (w surcharge) |
| Aug 11 2006 | patent expiry (for year 8) |
| Aug 11 2008 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Aug 11 2009 | 12 years fee payment window open |
| Feb 11 2010 | 6 months grace period start (w surcharge) |
| Aug 11 2010 | patent expiry (for year 12) |
| Aug 11 2012 | 2 years to revive unintentionally abandoned end. (for year 12) |